On Thursday 04 June 2009, Mansour Moufid wrote: > Hello list, > > I was wondering if I could get peoples' opinions of dev-util/splint > (the Secure Programming Lint) [1], and specifically in the context of > development on Gentoo -- if you've used this tool before and if you > did or didn't find it useful? > > I noticed it wasn't listed as a source code audit aid on the Gentoo > Audit project page [2]. Is there a specific reason for this or was > simply an oversight? I wouldn't mind contributing a brief paragraph > or so on the subject.
Hi Mansour, I will add the item to the list -- the other tools do not have any description either. However note that the Auditing project is currently in a sleeping state. No one is auditing code in the tree for new vulnerabilities (at least not as part of the project). If you have an interest in this subject and would like to participate in reviving the project, that would be great. It can be a way to become a Gentoo developer and participate in a great community, and to cooperate with others in the Security project and other vendors. But keep in mind there is a certain amount of work that comes with this. Robert
signature.asc
Description: This is a digitally signed message part.
