lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 15 Jun 2012 14:19:14 +0300
From:	Dan Carpenter <dan.carpenter@...cle.com>
To:	Julia Lawall <julia.lawall@...6.fr>
Cc:	Fengguang Wu <wfg@...ux.intel.com>, linux-kernel@...r.kernel.org,
	kernel-janitors@...r.kernel.org, Pekka Enberg <penberg@...nel.org>,
	Al Viro <viro@...iv.linux.org.uk>,
	Christopher Li <sparse@...isli.org>,
	Josh Triplett <josh@...edesktop.org>,
	Linus Torvalds <torvalds@...970.osdl.org>
Subject: Re: automated warning notifications

On Fri, Jun 15, 2012 at 06:40:51AM -0400, Julia Lawall wrote:
> > > Eventually I think we will want to set up a mailing list for this or
> > > we will start sending duplicate messages.
> >
> > Fair enough. How can we setup the mailing list? Once the list up, it
> > would be trivial for me to send sparse warnings out there.
> 
> I'm not completely sure that a mailing list would completely eliminate
> duplicate messages.  But still, it could be the place for people who are
> interested in seeing such messages to go to, so it seems like a good
> thing.  I would be happy to contribute content :)

Yeah.  That might be interesting.  If you don't know whether a bug
is a false positive or not you could submit it to the list for
people to look at.

I don't know if anyone will actually look at them.  I had been
planning to filter them to a mail box and automatically ignore
anything that was a duplicate.  But it might actually be worth
looking at them as well.  Especially if you email had enough useful
context so I could tell from the message what the bug is.

Probably we could use something like the attached script to print
out the line of code which causes the bug and some other script to
querry git blame and attach the offending commit?

regards,
dan carpenter


Download attachment "context.sh" of type "application/x-sh" (313 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ