Re: Debian: automated embedded code copy discovery

2012-02-21 Thread Silvio Cesare
I think it will be ok to avoid using CFinder. It was originally used as an alternative algorithm to find embedded code relationships. However, it has a much higher false positive rate (it detects false relationships when it shouldn't). I was originally considering not using this part of the system

Re: Debian: automated embedded code copy discovery

2012-02-21 Thread Paul Wise
On Tue, 2012-02-21 at 19:04 +1100, Silvio Cesare wrote: > Hi. I think I'll be able to spend March working on it. I will rewrite > parts of and clean up the code and get it ready for packaging. Great! > The system uses a closed source tool called CFinder > (http://www.cfinder.org/) to perform cli

Re: Debian: automated embedded code copy discovery

2012-02-21 Thread Silvio Cesare
Hi. I think I'll be able to spend March working on it. I will rewrite parts of and clean up the code and get it ready for packaging. At this point, providing nothing else comes up I think a rough timeline is March - Refine code so it runs nicely in a Debian environment for Debian as Debian wants

Re: Debian: automated embedded code copy discovery

2012-02-18 Thread Paul Wise
On Tue, 2011-11-29 at 19:21 +1100, Silvio Cesare wrote: > I am likely able to start work on it in the new year. How is your availability now? Are you now able to work on incorporating automated detection of embedded code copies into Debian? -- bye, pabs http://wiki.debian.org/PaulWise signat

Re: Debian: automated embedded code copy discovery

2011-11-29 Thread Paul Wise
On Tue, 2011-11-29 at 19:21 +1100, Silvio Cesare wrote: > Hi, it seems your cc to me last week didn't get through to me. Hmm, OK. > I would be very happy to work with the Debian security team to > incorporate this tool. It was always hoped that it would become part > of a Linux distribution. Ex

Re: Debian: automated embedded code copy discovery

2011-11-29 Thread Silvio Cesare
Hi, it seems your cc to me last week didn't get through to me. I would be very happy to work with the Debian security team to incorporate this tool. It was always hoped that it would become part of a Linux distribution. I am likely able to start work on it in the new year. -- Silvio -- To UNS

Debian: automated embedded code copy discovery

2011-11-22 Thread Paul Wise
Hi all, I recently noted this article about a tool to kill hidden security issues in Linux distros: http://lwn.net/Articles/468894/ http://www.scmagazine.com.au/News/280893,tool-kills-hidden-linux-bugs-vulnerabilities.aspx I note that the researcher's code is open: http://foocodechu.com/main/?q