
Re: Bits from the Testing Security team

On Mon, Oct 15, 2007 at 11:29:16AM +0200, Stefano Zacchiroli wrote:
> So, question, do you want to have reports also of missing pieces of
> statically linked code snippets in that list?

At the request of Steffen Joeris, I'm following up here with a chat log
between the two of us:

  (15:34:40) white: hi
  (15:36:11) white: i read your mail, can you maybe elaborate it a bit?
             i am not quite sure, if i get your case of code duplication right
  (15:36:47) zack: my point is: ocaml-syck (but is just an example) is
             now statically linked with libsyck
  (15:37:04) zack: is the security team aware that they need to rebuild
             ocaml-syck if they found a security bug in libsyck?
  (15:40:34) white: no, at least i would not think about it
  (15:40:59) white: that is an interesting (and unfortunate) point
  (15:41:04) zack: ok, so we actually need a list also of statically
             linked stuff
  (15:41:13) zack: please reply on list with this reasoning of ours
  (15:41:57) white: please do me a favour and paste this log into an
             email and mail it to the list
  (15:42:03) white: i will look into it tomorrow
  (15:42:11) zack: ok
  (15:42:17) white: thanks


Stefano Zacchiroli -*- PhD in Computer Science ............... now what?
zack@{cs.unibo.it,debian.org,bononia.it} -%- http://www.bononia.it/zack/
(15:56:48)  Zack: e la demo dema ?    /\    All one has to do is hit the
(15:57:15)  Bac: no, la demo scema    \/    right keys at the right time
