Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 22 Aug 2015 04:36:52 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: The cmp_all() of cq

On Sat, Aug 22, 2015 at 03:32:47AM +0200, Frank Dittrich wrote:
> On 08/22/2015 03:16 AM, Solar Designer wrote:
> > However, for --test-full it's a matter of us making a decision on
> > whether we want the tests to be aggressive (and occasionally warn about
> > non-issues) or not (avoiding any false positive warnings, but also
> > missing some real issues).
> 
> We could have the more aggressive tests being reported only at a higher
> --verbosity=N level, not for default verbosity.
> But may be then they'll never get tested.
> So, may be report at the end of the --test-full run that there were
> problems detected which weren't reported in detail due to --verbosity level?

I think --test-full is primarily our own debugging feature.  If someone
uses it, they're fine with the verbosity.  No need to separately check
the verbosity level.

In this case, we're talking at most one spurious warning per format, and
we'll mute the known false positive ones with a whitelist in Kai's code.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ