On Wed, Jul 2, 2014 at 9:48 PM, Salz, Rich <[email protected]> wrote: >> However, I feel that the developer group is a bit closed to outsiders. > > More communication and transparency is coming, as we have a bigger and more > invigorated developer team. It will take time. But not everything will > always be discussed in public mailing lists right away, parciularly around > vulnerabilities. > >> I requested access to the OpenSSL scan results on coverity, and up to now, >> my request is still pending :-( > > This could be an example of that. (I don't know, I haven't looked through > any reports.) But I hope that you understand why there might be concerns > about doing this.
I write fixes for pieces of software that I depend on. Some time ago, I sent a diff for OpenSSL. If I'm interested in fixing OpenSSL, why shouldn't I have access to coverity scans ? Other Open Source projects have provided me access to their coverity scans, despite the fact that I'm not a committer. > > Are there other issues or examples that come to mind? > > /r$ > > -- > Principal Security Engineer > Akamai Technologies, Cambridge, MA > IM: [email protected]; Twitter: RichSalz -- This message is strictly personal and the opinions expressed do not represent those of my employers, either past or present. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
