[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: [gsoc] syscall/libc fuzzer proposal
On Sat, Mar 20, 2010 at 03:40:33PM -0400, Elad Efrat wrote:
>>>> If not, I don't think this adds any benefit to your proposal and
>>>> is likely to simply be a distraction; I'd urge you in that case
>>>> to drop it.
>>> Strongly seconded. There are so many great ways to improve NetBSD and
>>> wasting time and money on fuzzing is about as suboptimal as it gets.
>> First of all, that's not what Thor said;
> Sorry? Are you saying that me agreeing with Thor that unless this
> proposal shows some clear advantage over what we already have --
> specifically Coverity Scan -- it should probably be dropped is not
> what Thor said?
He was talking about the bounds-checking translation tool part. You
were attacking the entire thing.
> > second of all, you really
> > should not be telling potential gsoc students that their project ideas
> > are flatly worthless, even if your judgment were correct;
> I said exactly what I think
Which was tactless and rude. If someone comes along with an idea
that's basically a waste of time, they should be gently steered
towards something else. Students don't always have good ideas; that's
why they need mentoring and advising, but you don't mentor and advise
very effectively by being hostile and dismissive.
Also, outside of the specific gsoc context, we have a long-standing
custom in this project to not tell other people what to spend their
time on or what is and isn't valuable.
> > and third,
> > I'm rather surprised that anyone who claims to work on security would
> > call testing and analysis tools worthless.
> I don't *claim* anything, David; I *work*, at least as opposed to,
> say, assigning bugs to me, claiming for years I'll do something about
> them (together with many other grand ideas) and instead fix, I dunno,
> whitespace and grammar issues. Take your preaching elsewhere; I
> couldn't care less.
Is that what you think I do? (And if so, do you really want to get
into ad hominems? You're on fairly shaky ground.)
> As for the issue at hand, well, I suggest you look at what the
> proposal is, what we already have for years, and draw your own
Yes, I have; it needs to be fleshed out into a real project proposal
(as is to be expected at this stage, after all) but I don't see
anything inherently wrong with it so far.
David A. Holland
Main Index |
Thread Index |