| 1 |
Ned Ludd wrote: |
| 2 |
|
| 3 |
>On Mon, 2005-06-20 at 07:34 +0300, Rumen Yotov wrote: |
| 4 |
> |
| 5 |
> |
| 6 |
>>Hi, |
| 7 |
>>Recently began using flawfinder& rats and they're working (logging things). |
| 8 |
>>For now don't have time to look at the logs (beside *me* needing more |
| 9 |
>>time to check them), so is there some place/person which |
| 10 |
>>collects/is_interested in such info. |
| 11 |
>> |
| 12 |
>> |
| 13 |
> |
| 14 |
>You should probably hold on to these. |
| 15 |
>Most of us are capable of running these commands for ourselves. |
| 16 |
> |
| 17 |
> |
| 18 |
> |
| 19 |
>>Maybe some meta-bug or other, or |
| 20 |
>>just send they upstream (if correct)? |
| 21 |
>> |
| 22 |
>> |
| 23 |
> |
| 24 |
>Real bugs should mailed upstream. |
| 25 |
> |
| 26 |
> |
| 27 |
> |
| 28 |
>>Any experiences with them, are they correct? |
| 29 |
>> |
| 30 |
>> |
| 31 |
> |
| 32 |
>Sadly neither of the tools can take into account program execution |
| 33 |
>flows. I tend to view them these tools as pretty much nothing more than |
| 34 |
>glorified grep commands. Handy if your looking for the obvious, but most |
| 35 |
>of the obvious bugs have been fixed obviously for some time. |
| 36 |
> |
| 37 |
>Keep your logs. When you are sure you have pinpointed something that you |
| 38 |
>know is a bug, then feel free to file a bug preferably with a patch that |
| 39 |
>fixes the problem also. |
| 40 |
> |
| 41 |
> |
| 42 |
> |
| 43 |
Hi, |
| 44 |
Thanks for your answer. |
| 45 |
Think this is the most sensible thing to do. So they're not that much |
| 46 |
sophisticated. |
| 47 |
PS: taking in account the number of packages/apps maybe there are still |
| 48 |
some with bugs left ;) |
| 49 |
Rumen |
Archives