[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Groff] Re: PSPIC error - "missing argument"

From: Bernd Warken
Subject: Re: [Groff] Re: PSPIC error - "missing argument"
Date: Sun, 16 Jun 2002 00:43:10 +0200
User-agent: Mutt/1.2.5i

On Fri, Jun 14, 2002 at 06:47:00PM +0100, Ralph Corderoy wrote:
> > > > groff still contains a lot of very old code.  If you look at it
> > > > deeply, it is full of subtle bugs.  Moreover, it is absolutely
> > > > insecure (buffer-overflows).
> > > 
> > > Please tell us where.  Such things should be fixed ASAP.
> > 
> > Not now.  After the release.
> Do you mean you won't tell us until after the release, or you will tell
> us but don't think they should be fixed until after the release?
These bugs are not trivial.  Many global variables are not cleanly used.
Most classes are not well designed.  It will be a lot of work.  Have a 
look at <groff_top>/src/libs/libdriver/ to get an idea.  The
changes there fixed some bugs that were inhereted and tolerated since the 
very beginning.

As a second point, security issues from the Secure-Programs-HOWTO are
mandatory for a serious GNU package.  This will imply a heavy usage of
classes.  This would be combined with Unicode integration, so that's a
big deal, too.

The greatest difficulty is the conservatism of the groff elders.
Security in driving cars is a bit more complicated than with bicycles
from the stone age.

Bernd Warken

reply via email to

[Prev in Thread] Current Thread [Next in Thread]