Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in
| От | Justin Clift |
|---|---|
| Тема | Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in |
| Дата | |
| Msg-id | 3D63C2FE.8D6C059A@postgresql.org обсуждение исходный текст |
| Ответ на | Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in (Bruce Momjian <pgman@candle.pha.pa.us>) |
| Ответы |
Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in
Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in |
| Список | pgsql-hackers |
Bruce Momjian wrote: > > We learned a few lessons from previous releases. First, don't delay > the beta by days/weeks that drag on. Delay one month at a time. > Second, don't decide on a further delay the day before you are going to > go beta. Multiple short-period delays and delays that happen at the > last minute cause too many stops/starts for developers to be effective, > so... > > If we are going to delay beta, we should decide now, not at the end of > August, and the delay should be until the end of September. The big > question is whether we have enough material to warrant a delay. Only two things which have the potential to be worth waiting for, from what I'm aware of. There may be others: - Find out from Sir Mordred if he wants to take a look at the CVS version of code and audit in that for a bit, Just In Casehe turns up something that's serious and requires substantial re-work. Although it means he wouldn't have a bunch of"I found this existing exploit" type releases, we could instead offer him credit on the press release along the linesof "This released has been audited for security flaws in its code by Sir Mordred". Am pretty sure he'd do a verythorough job for that, as it means he'd have an official "product reputation" he'd need to stand by for it. - Patches to the CVS tree which let us have a truly native windows version. This is of huge significance and would *very*much improve our growth and adoption by being in this release in comparison to being in the release afterwards. Not in an airy fairy way, but quite definitely and solidly. Of the two, Sir Mordred may or may not be willing, so that's kind of iffy, whereas the Windows Native port which is in beta testing isn't in too bad a state at all already. Have been running preliminary multi-user AS3AP tests on it (with OSDB) and getting a significant performance throughput increase in comparison to the cygwin version. :) Hope I'm not pushing too strongly for this, as, after all, I can't do the coding needed here. :( Regards and best wishes, Justin Clift -- "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi
В списке pgsql-hackers по дате отправления: