
Re: Calysto v1.5 reports on openldap_v2.4.4alpha


On 8/21/07, Kurt Zeilenga <kurt@openldap.org> wrote:
> I think this is a mischaracterization of the particular action the
> Foundation took (in off-list email).
> The Foundation was presented with an offer to participate in a
> marketing program.  As a matter of policy, such offers are to be
> rejected and the Foundation, hence, declined your offer.
> In our correspondence with you, we noted that our statement declining
> your offer in no way impacts licenses the OpenLDAP Foundation has
> granted regarding the use and/or distribution of OpenLDAP Software.
> That is, you can continue to use OpenLDAP Software under the terms of
> the copyright and license statements.  No special license is needed to
> perform static checking of OpenLDAP Software.
> Subsequent to this, you asked whether it would be okay to send an
> additional report to the list.  The Foundation responded that you
> need no special permission to submit additional messages to OpenLDAP
> mailing lists.
> To summarize: you offered reports with strings; we rejected
> the strings.  No one has precluded you from submitting further
> reports for discussion.  Just no strings, please.

Heh, there are no free rides - you would like to get the reports, but
you are not ready to give anything in return.

Years of research have been invested in Calysto (and its sub-parts, like
Spear theorem prover), running checks takes significant computational
resources, and finally, I spend significant amounts of my own time
filtering and pre-analyzing the reports for you.

I asked for only two things: prompt feedback and adding a logo to the web
page. That's not _really_ a marketing request. Anyways, doesn't matter,
there are plenty of other projects out there willing to collaborate.

I'd also like to reply to Pierangelo in this email:

On 8/21/07, Pierangelo Masarati <ando@sys-net.it> wrote:
> I believe he said the project is
> not interested in receiving plain reports just for the purpose of
> debugging Calysto

Quid pro quo. I help you debug your code.

> (nothing personal: only, we're just a few volunteers,
> and we cannot dedicate too much time in reviewing reports potentially
> filled by false positives).  If you put some effort in separating what
> could be critical from what isn't likely, any report would be welcome.

I respect everyone's time and don't want to waste it with piles of false
positives. The focus of much of the research related to Calysto is to make
it as precise as possible, meaning that there are already few false
positives, and there will be even fewer in the future.

> For example, I'm reviewing your initial submission and, apart from
> what's directly related to the clients, there are a couple of reports
> that may require some action.  I'll post about my findings later, on a
> private basis.  Only, I'm not going to do this routinely and too often.

Thank you for your feedback. I'll post you a private reply.


        Domagoj Babic