From: "Ronald F. Guilmette"
To: "freebsd-security@freebsd.org"
Subject: Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?
Date: Thu, 24 Apr 2014 13:49:24 -0700
Message-ID: <26111.1398372564@server1.tristatelogic.com>

In message , Erik Cederstrand wrote:

>As others have pointed out, 'too hard' can also mean 'too hard' to get
>someone with commit access to actually commit the patch and accept the
>risk of introducing new bugs. Case in point: I contributed this
>one-liner patch for ZFS found by Clang Analyzer, adding the __noreturn__
>pragma you also mention: https://www.illumos.org/issues/3363. For 1,5
>years, I have been unable to get anyone from FreeBSD or Illumos to
>commit it or even review it.

Ah! OK. That is a different sort of problem entirely, and one for which
I personally have no suggestion, nor any ready answer.

Regards,
rfg