On Mon, Oct 15, 2007 at 11:29:16AM +0200, Stefano Zacchiroli wrote:
> So, question, do you want to have reports also of missing pieces of
> statically linked code snippets in that list?
On request of Steffen Joeris I'm following up here with a chat log
between we two:
(15:34:40) white: hi
(15:36:11) white: i read your mail, can you maybe elaborate it a bit?
i am not quite sure, if i get your case of code duplication right
(15:36:47) zack: my point is: ocaml-syck (but is just an example) is
now statically linked with libsyck
(15:37:04) zack: is the security team aware that they need to rebuild
ocaml-syck if they found a security bug in libsyck?
(15:40:34) white: no, at least i would not think about it
(15:40:59) white: that is an interesing (and unfortunate) point
(15:41:04) zack: ok, so we actually need a list also of statically
linked stuff
(15:41:13) zack: please reply on list with this reasoning of ours
(15:41:57) white: please do me a favour and paste this log into an
email and mail it to the list
(15:42:03) white: i will look into it tomorrow
(15:42:11) zack: ok
(15:42:17) white: thanks
Cheers.
--
Stefano Zacchiroli -*- PhD in Computer Science ............... now what?
zack@{cs.unibo.it,debian.org,bononia.it} -%- http://www.bononia.it/zack/
(15:56:48) Zack: e la demo dema ? /\ All one has to do is hit the
(15:57:15) Bac: no, la demo scema \/ right keys at the right time
Attachment:
signature.asc
Description: Digital signature