On Thu, 2014-07-03 at 09:13 -0400, Theodore Ts'o wrote:
> However, in the kernel we are much more lax about who gets access to
> the Coverity project.  Part of this is the sure and certain knowledge
> that the bad guys are quite willing to pay for a Coverity license, and
> so for us the balance of increasing the pool of those who are
> looking through the Coverity scans, and contribute to fix bugs, and
> thus grow the development community, tips in favor of being more open
> about who gets access to Coverity.

Yes, the real bad guys can surely buy a Coverity license, they can even
write similar tools themselves. So once something is found by a Coverity
scan, it should be considered as public knowledge anyway. Manual review
by real people is something very different.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
(You'll never know whether the road is wrong though.)


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
