This is the mail archive of the
gcc@gcc.gnu.org
mailing list for the GCC project.
Re: US-CERT Vulnerability Note VU#162289
On Fri, Apr 25, 2008 at 11:45:25AM -0400, Paul Koning wrote:
> Robert> To me, the whole notion of this vulnerability node is flawed
> Robert> in that respect. You can write a lengthy and useful book on
> Robert> pitfalls in C that must be avoided, but I see no reason to
> Robert> turn such a book into a cert advisory, let alone pick out a
> Robert> single arbitrary example on a particular compiler!
>
> I think that comment is absolutely correct.
The R in CERT is "Response" (at least it used to be; I can't find an
expansion on their web site...). They're responding to a problem that
was reported to them, and alerting others to the problem. We can
argue about the details, but not about the need to respond.
--
Daniel Jacobowitz
CodeSourcery