[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: kmail
From:       George Staikos <staikos () kde ! org>
Date:       2005-02-08 0:45:25
Message-ID: 200502071945.25919.staikos () kde ! org
[Download RAW message or body]

On Monday 07 February 2005 19:39, Ingo Klöcker wrote:
> On Tuesday 08 February 2005 00:17, Dave Feustel wrote:
> > When was the last time, if ever, that kmail
> > source code was subjected to a security audit?
>
> Since KMail is Free Software and thus its source code is freely
> available we can't answer this question. The only thing I can say is
> that I'm not aware of any KDE developer every performing a security
> audit of KMail (apart from some potentially dangerous usage of some
> dangerous libc functions which was fixed just before KDE 3.1 (?) in all
> of KDE).
>
> Is there any particular reason why you ask? Or is it just general
> curiosity?
>
> If you discover some security problems then please notify
> security@kde.org.

  Yes around the 3.1 timeframe we did a systematic search of all the code in 
KDE for various identified problematic patterns.  This didn't generally cover 
higher level flaws (ex: design flaws vs. implementation flaws).

-- 
George Staikos
KDE Developer				http://www.kde.org/
Staikos Computing Services Inc.		http://www.staikos.net/
[prev in list] [next in list] [prev in thread] [next in thread]