tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [gsoc] syscall/libc fuzzer proposal



On Sat, Mar 20, 2010 at 3:24 PM, David Holland 
<dholland-tech%netbsd.org@localhost> wrote:
> On Sat, Mar 20, 2010 at 01:54:49PM -0400, Elad Efrat wrote:
>> Thor Lancelot Simon wrote:
>>> If not, I don't think this adds any benefit to your proposal and is likely
>>> to simply be a distraction; I'd urge you in that case to drop it.
>>
>> Strongly seconded. There are so many great ways to improve NetBSD and
>> wasting time and money on fuzzing is about as suboptimal as it gets.
>
> Um.
>
> First of all, that's not what Thor said;

Sorry? Are you saying that me agreeing with Thor that unless this
proposal shows some clear advantage over what we already have --
specifically Coverity Scan -- it should probably be dropped is not
what Thor said?

> second of all, you really
> should not be telling potential gsoc students that their project ideas
> are flatly worthless, even if your judgment were correct;

I said exactly what I think and I'll repeat it again: there are many
ways to improve NetBSD. Wasting both time and money, even if it's
someone else's, on things that aren't likely to benefit NetBSD in the
long term is a waste. There's a list of projects NetBSD's interested
in, and when someone proposes a project not on the list it should be
reviewed.

What I said is my opinion. I don't decide which projects are selected,
nor do I participate or plan to participate; it's an honest, objective
opinion.

> and third,
> I'm rather surprised that anyone who claims to work on security would
> call testing and analysis tools worthless.

I don't *claim* anything, David; I *work*, at least as opposed to,
say, assigning bugs to me, claiming for years I'll do something about
them (together with many other grand ideas) and instead fix, I dunno,
whitespace and grammar issues. Take your preaching elsewhere; I
couldn't care less.

As for the issue at hand, well, I suggest you look at what the
proposal is, what we already have for years, and draw your own
conclusions.

-e.


Home | Main Index | Thread Index | Old Index