kmail
George Staikos
staikos at kde.org
Tue Feb 8 00:45:25 GMT 2005
On Monday 07 February 2005 19:39, Ingo Klöcker wrote:
> On Tuesday 08 February 2005 00:17, Dave Feustel wrote:
> > When was the last time, if ever, that kmail
> > source code was subjected to a security audit?
>
> Since KMail is Free Software and thus its source code is freely
> available we can't answer this question. The only thing I can say is
> that I'm not aware of any KDE developer every performing a security
> audit of KMail (apart from some potentially dangerous usage of some
> dangerous libc functions which was fixed just before KDE 3.1 (?) in all
> of KDE).
>
> Is there any particular reason why you ask? Or is it just general
> curiosity?
>
> If you discover some security problems then please notify
> security at kde.org.
Yes around the 3.1 timeframe we did a systematic search of all the code in
KDE for various identified problematic patterns. This didn't generally cover
higher level flaws (ex: design flaws vs. implementation flaws).
--
George Staikos
KDE Developer http://www.kde.org/
Staikos Computing Services Inc. http://www.staikos.net/
More information about the kde-core-devel
mailing list