On Wed, Dec 18, 2013 at 09:12:06AM +0100, Ondrej Vasik wrote: > Publishing them is a bit tricky - I can of course publish them (we scan > with cppcheck, enhanced gcc warnings, clang and coverity) - but the > reports may contain some attack vectors - and for inactive packages, it > would only show the doors to attackers. Then it's a good thing that attackers don't have any money and can't afford to buy a checker license themselves. Hiding bugs doesn't make them go away, and pretending we have tools bad people don't is a fallacy. Dave -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
