On Fri, Jan 4, 2013 at 8:10 PM, Ales Ledvinka <aledv...@redhat.com> wrote:
[...]
> Per issue, file or defect type group?
>
It's hard to say in a general way. Sometimes one is better than another and
sometimes it's better to edit hell out of .c file.

[...]
>> > Reasonable minimal fix. If further question remain then add some
>> > XXX comment.
>> >
>>
>> Hmm. I feel like question was about apples and answer oranges.
>> Anyway, I wanted to say I've read: ``I'll hack in fixes'', but that's
>> not the word I'm looking for. Sadly, I can't find English equivalent
>> of word I'm looking for to ``reasonable minimal fix'', but let's say
>> I'm looking forward for those code reviews.
> Just re-read the "reasonable".
>

I've read it the first time. I've seen some "reasonable" things and I choose
to remain skeptic.

>> >> [...]
>> >>
>> >> What do you mean when you say you are going to release the report
>> >> to
>> >> the "public"
>> >> with "the patch"?
>> >
>> > Once the changes are public it's like releasing the report so I was
>> > thinking of attaching it to tracker item with patch to aid review.
>> >
>>
>> Ales, can you please stop making secrets about something that's not
>> secret? ipmitool is open-source. Static analysis, I presume that's
>> what you, or Fedora, have used, tools are available to pretty much
>> everyone. Also, there are other security issues like over/underflow
>> via user input. So I doubt whatever "you" found is worse.
>> On the bright side, I'm glad somebody have found time and made an
>> effort to run ipmitool through analysis tool.
>
> Report quality may vary with analysis tool used.

Yep, although I'm not sure what the point is. If we were talking about party
with malicious intentions, I wouldn't underestimate it. I'm glad to see you're
aware of pros and cons of analysis tools though.

> Then it's about effort to generate the report,
> effort to check the reported item
> whether it's security issue or not and effort to fix it. These are
> not the same thing.

Right. And if you want to do it all behind the closed, but unlocked, doors,
that's fine by me.
However I'm not going to opt in, because that's not how I do things.

> Feel free to request the report. And then it's
> your decision whether you release it before anything else.
>

Don't get me wrong. I'm looking forward to it; hell, you can say I'm
interested in; but I'm not desperate about it. It sounds to me as either sort
of oxymoron or just passing a buck (which I, sort of, understand).

Enough said,
Z.

_______________________________________________
Ipmitool-devel mailing list
Ipmitool-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipmitool-devel