[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Nmh-workers] 1.7 release date

From: Lyndon Nerenberg
Subject: [Nmh-workers] 1.7 release date
Date: Mon, 24 Oct 2016 19:19:58 -0700

A couple of comments have come up about when to release 1.7.  Given all the 
thrashing of string/buffer manipulation code that has taken place over the last 
week and a bit, I don't think we can even think about baking this code now for 
at least a couple of months.  We have just hammered on the most security 
vulnerable part of the code base, having done no prior analysis, nor 
identifying any know gaping wounds in the code.

This scares me.  This is code rewrite for religious purposes, and that is 
ALWAYS wrong.  How are we going to validate all these memory/buffer/string 
related changes to ensure they have not introduced NEW bugs?  

Ralph, what is your plan for code verification of these changes you are making? 
 The current regression tests can't come anywhere near dealing with this.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]