[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Nmh-workers] 1.7 release date
From: |
Lyndon Nerenberg |
Subject: |
[Nmh-workers] 1.7 release date |
Date: |
Mon, 24 Oct 2016 19:19:58 -0700 |
A couple of comments have come up about when to release 1.7. Given all the
thrashing of string/buffer manipulation code that has taken place over the last
week and a bit, I don't think we can even think about baking this code now for
at least a couple of months. We have just hammered on the most security
vulnerable part of the code base, having done no prior analysis, nor
identifying any know gaping wounds in the code.
This scares me. This is code rewrite for religious purposes, and that is
ALWAYS wrong. How are we going to validate all these memory/buffer/string
related changes to ensure they have not introduced NEW bugs?
Ralph, what is your plan for code verification of these changes you are making?
The current regression tests can't come anywhere near dealing with this.
--lyndon
- [Nmh-workers] 1.7 release date,
Lyndon Nerenberg <=
- Re: [Nmh-workers] 1.7 release date, Ralph Corderoy, 2016/10/29
- Re: [Nmh-workers] 1.7 release date, Lyndon Nerenberg, 2016/10/29
- Re: [Nmh-workers] 1.7 release date, David Levine, 2016/10/29
- Re: [Nmh-workers] 1.7 release date, Lyndon Nerenberg, 2016/10/29
- Re: [Nmh-workers] 1.7 release date, David Levine, 2016/10/30
- Re: [Nmh-workers] 1.7 release date, Ralph Corderoy, 2016/10/30
- Re: [Nmh-workers] 1.7 release date, David Levine, 2016/10/30