Date: Wed, 23 Apr 2014 09:57:49 +0100 From: Ben Laurie <benl@freebsd.org> To: "Ronald F. Guilmette" <rfg@tristatelogic.com> Cc: freebsd-security@freebsd.org Subject: Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole? Message-ID: <CAG5KPzy6cx8rzz6edeKkjSwYpenXioVd0LEj5tcp%2B92i00vFbg@mail.gmail.com> In-Reply-To: <10999.1398215531@server1.tristatelogic.com> References: <20140423010054.2891E143D098@rock.dv.isc.org> <10999.1398215531@server1.tristatelogic.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 23 April 2014 02:12, Ronald F. Guilmette <rfg@tristatelogic.com> wrote: > > In message <20140423010054.2891E143D098@rock.dv.isc.org>, > Mark Andrews <marka@isc.org> wrote: > >>As for the number of CLANG analysis warnings. Clang has false >>positives > > Please define your terms. > > I do imagine that the truth or falsehood of your assertion may depend > quite substantally on what one does or does not consider a "false > positive" in this context. > >>some of which are impossible to remove regardless of how >>you recode the section... > > I, for one, would dearly love to see one or more concrete examples > which purport to support the above assertion (of which I am dubious). So try wading through the morass of false positives yourself and discover what a joy it is for yourself.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG5KPzy6cx8rzz6edeKkjSwYpenXioVd0LEj5tcp%2B92i00vFbg>