Ethereal-dev: Re: [Fwd: [Ethereal-dev] Coverity Open Source Defect Scan of Ethereal]

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Joerg Mayer <jmayer@xxxxxxxxx>
Date: Mon, 6 Mar 2006 22:04:26 +0100
On Mon, Mar 06, 2006 at 09:52:35AM -0600, Gerald Combs wrote:
> There are 143 defects for Ethereal listed at http://scan.coverity.com .
>  I'd like to see them fixed before the next release.  If you want to
> help out, please send a note to Ben and CC me.

IMNSHO, the list should be made public now. We haven't had any problems
with early disclosure in the past. We already have some critical
bugfixes in the code that will just be delayed by fixing all the new
ones, so it doesn't make a difference from a security point of view to
keep the new ones secret, while the old ones are already known. Maybe
just (automatically) opening bug-reports with blocker for each of thems
would be a good way to proceed?
Personally, I'd like to work on some of the issues, so in case we can't
work on these things in public then yes, I'd like an account. But I'd
really like an answer to why this list cannot be made public for the
Ethereal project (I'm not talking about other projects here).

 Thanks
      Joerg
-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.