tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [gsoc] syscall/libc fuzzer proposal

On Sat, Mar 20, 2010 at 03:40:33PM -0400, Elad Efrat wrote:
 >>>> If not, I don't think this adds any benefit to your proposal and
 >>>> is likely to simply be a distraction; I'd urge you in that case
 >>>> to drop it.
 >>> Strongly seconded. There are so many great ways to improve NetBSD and
 >>> wasting time and money on fuzzing is about as suboptimal as it gets.
 >> Um.
 >> First of all, that's not what Thor said;
 > Sorry? Are you saying that me agreeing with Thor that unless this
 > proposal shows some clear advantage over what we already have --
 > specifically Coverity Scan -- it should probably be dropped is not
 > what Thor said?

He was talking about the bounds-checking translation tool part. You
were attacking the entire thing.

 > > second of all, you really
 > > should not be telling potential gsoc students that their project ideas
 > > are flatly worthless, even if your judgment were correct;
 > I said exactly what I think

Which was tactless and rude. If someone comes along with an idea
that's basically a waste of time, they should be gently steered
towards something else. Students don't always have good ideas; that's
why they need mentoring and advising, but you don't mentor and advise
very effectively by being hostile and dismissive.

Also, outside of the specific gsoc context, we have a long-standing
custom in this project to not tell other people what to spend their
time on or what is and isn't valuable.

 > > and third,
 > > I'm rather surprised that anyone who claims to work on security would
 > > call testing and analysis tools worthless.
 > I don't *claim* anything, David; I *work*, at least as opposed to,
 > say, assigning bugs to me, claiming for years I'll do something about
 > them (together with many other grand ideas) and instead fix, I dunno,
 > whitespace and grammar issues. Take your preaching elsewhere; I
 > couldn't care less.

Is that what you think I do? (And if so, do you really want to get
into ad hominems? You're on fairly shaky ground.)

 > As for the issue at hand, well, I suggest you look at what the
 > proposal is, what we already have for years, and draw your own
 > conclusions.

Yes, I have; it needs to be fleshed out into a real project proposal
(as is to be expected at this stage, after all) but I don't see
anything inherently wrong with it so far.

David A. Holland

Home | Main Index | Thread Index | Old Index