This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: US-CERT Vulnerability Note VU#162289

From: David Miller <davem at davemloft dot net>
To: Joe dot Buck at synopsys dot COM
Cc: crd at cert dot org, mark at codesourcery dot com, rcs at cert dot org, gcc at gcc dot gnu dot org, cert at cert dot org
Date: Wed, 23 Apr 2008 15:37:26 -0700 (PDT)
Subject: Re: US-CERT Vulnerability Note VU#162289
References: <20080423.054228.210900224.davem@davemloft.net> <480F3470.2050909@cert.org> <20080423152444.GC11922@synopsys.com>

From: Joe Buck <Joe.Buck@synopsys.COM>
Date: Wed, 23 Apr 2008 08:24:44 -0700

> If CERT is to maintain its reputation, it needs to do better.  The warning
> is misdirected in any case; given the very large number of compilers that
> these coding practices cause trouble for, you need to focus on the bad
> coding practices, not on unfair demonization of new GCC releases.

In my opinion CERT's advisory has been nothing but an unfair FUD
campaign on compilers, and GCC specifically, and has seriously
devalued CERT's advisories, in general, which were already of low
value to begin with.

It looks similar to a news article run by a newspaper that is losing
money and has no real news to write about, but yet they have to write
about something.

The worst part of this fiasco is that GCCs reputation has been
unfairly harmed in one way or another, and there is nothing CERT can
do to rectify the damage they've caused.

References:
- Re: US-CERT Vulnerability Note VU#162289
  - From: David Miller
- Re: US-CERT Vulnerability Note VU#162289
  - From: Chad Dougherty
- Re: US-CERT Vulnerability Note VU#162289
  - From: Joe Buck

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]