[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: kmail
From: George Staikos <staikos () kde ! org>
Date: 2005-02-08 0:45:25
Message-ID: 200502071945.25919.staikos () kde ! org
[Download RAW message or body]
On Monday 07 February 2005 19:39, Ingo Klöcker wrote:
> On Tuesday 08 February 2005 00:17, Dave Feustel wrote:
> > When was the last time, if ever, that kmail
> > source code was subjected to a security audit?
>
> Since KMail is Free Software and thus its source code is freely
> available we can't answer this question. The only thing I can say is
> that I'm not aware of any KDE developer every performing a security
> audit of KMail (apart from some potentially dangerous usage of some
> dangerous libc functions which was fixed just before KDE 3.1 (?) in all
> of KDE).
>
> Is there any particular reason why you ask? Or is it just general
> curiosity?
>
> If you discover some security problems then please notify
> security@kde.org.
Yes around the 3.1 timeframe we did a systematic search of all the code in
KDE for various identified problematic patterns. This didn't generally cover
higher level flaws (ex: design flaws vs. implementation flaws).
--
George Staikos
KDE Developer http://www.kde.org/
Staikos Computing Services Inc. http://www.staikos.net/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic