[Nmh-workers] 1.7 release date

nmh-workers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Nmh-workers] 1.7 release date

From:	Lyndon Nerenberg
Subject:	[Nmh-workers] 1.7 release date
Date:	Mon, 24 Oct 2016 19:19:58 -0700

A couple of comments have come up about when to release 1.7.  Given all the 
thrashing of string/buffer manipulation code that has taken place over the last 
week and a bit, I don't think we can even think about baking this code now for 
at least a couple of months.  We have just hammered on the most security 
vulnerable part of the code base, having done no prior analysis, nor 
identifying any know gaping wounds in the code.

This scares me.  This is code rewrite for religious purposes, and that is 
ALWAYS wrong.  How are we going to validate all these memory/buffer/string 
related changes to ensure they have not introduced NEW bugs?  

Ralph, what is your plan for code verification of these changes you are making? 
 The current regression tests can't come anywhere near dealing with this.

--lyndon

[Prev in Thread]

Current Thread

[Next in Thread]

[Nmh-workers] 1.7 release date, Lyndon Nerenberg <=
- Re: [Nmh-workers] 1.7 release date, Ralph Corderoy, 2016/10/29
  - Re: [Nmh-workers] 1.7 release date, Lyndon Nerenberg, 2016/10/29
    - Re: [Nmh-workers] 1.7 release date, David Levine, 2016/10/29
    - Re: [Nmh-workers] 1.7 release date, Lyndon Nerenberg, 2016/10/29
    - Re: [Nmh-workers] 1.7 release date, David Levine, 2016/10/30
    - Re: [Nmh-workers] 1.7 release date, Ralph Corderoy, 2016/10/30
    - Re: [Nmh-workers] 1.7 release date, David Levine, 2016/10/30

Prev by Date: Re: [Nmh-workers] strncpy(3), die, die, die.
Next by Date: Re: [Nmh-workers] strncpy(3), die, die, die.
Previous by thread: [Nmh-workers] strncpy(3), die, die, die.
Next by thread: Re: [Nmh-workers] 1.7 release date
Index(es):
- Date
- Thread