1 |
Ned Ludd wrote: |
2 |
|
3 |
>On Mon, 2005-06-20 at 07:34 +0300, Rumen Yotov wrote: |
4 |
> |
5 |
> |
6 |
>>Hi, |
7 |
>>Recently began using flawfinder& rats and they're working (logging things). |
8 |
>>For now don't have time to look at the logs (beside *me* needing more |
9 |
>>time to check them), so is there some place/person which |
10 |
>>collects/is_interested in such info. |
11 |
>> |
12 |
>> |
13 |
> |
14 |
>You should probably hold on to these. |
15 |
>Most of us are capable of running these commands for ourselves. |
16 |
> |
17 |
> |
18 |
> |
19 |
>>Maybe some meta-bug or other, or |
20 |
>>just send they upstream (if correct)? |
21 |
>> |
22 |
>> |
23 |
> |
24 |
>Real bugs should mailed upstream. |
25 |
> |
26 |
> |
27 |
> |
28 |
>>Any experiences with them, are they correct? |
29 |
>> |
30 |
>> |
31 |
> |
32 |
>Sadly neither of the tools can take into account program execution |
33 |
>flows. I tend to view them these tools as pretty much nothing more than |
34 |
>glorified grep commands. Handy if your looking for the obvious, but most |
35 |
>of the obvious bugs have been fixed obviously for some time. |
36 |
> |
37 |
>Keep your logs. When you are sure you have pinpointed something that you |
38 |
>know is a bug, then feel free to file a bug preferably with a patch that |
39 |
>fixes the problem also. |
40 |
> |
41 |
> |
42 |
> |
43 |
Hi, |
44 |
Thanks for your answer. |
45 |
Think this is the most sensible thing to do. So they're not that much |
46 |
sophisticated. |
47 |
PS: taking in account the number of packages/apps maybe there are still |
48 |
some with bugs left ;) |
49 |
Rumen |