Re: Interesting message about printf()'s in PostgreSQL
From | Christopher Kings-Lynne |
---|---|
Subject | Re: Interesting message about printf()'s in PostgreSQL |
Date | |
Msg-id | GNELIHDDFBOCMGBFGEFOOEKDCDAA.chriskl@familyhealth.com.au |
In response to | Re: Interesting message about printf()'s in PostgreSQL (Tom Lane <tgl@sss.pgh.pa.us>) |
Responses | Re: Interesting message about printf()'s in PostgreSQL |
List | pgsql-hackers |

> I see one unsubstantiated allegation about PG intermixed with a ton
> of content-free navel-gazing. Don't waste my time.

For instance, when I submitted patches for fulltextindex 7.2 it freely used unchecked sprintf's everywhere. Even now I'm not sure what'll happen if a malicious user really tried to crash it.

Anyway, who cares about printfs when stuff like select cash_out(2) is documented?

> I have no doubt that some problems remain (cf recent agonizing over
> whether there is a buffer overrun problem in the date parser) ...
> but unspecific rumors don't help anyone. As always, the best form of
> criticism is a diff -c patch.

Maybe we could form a bunch of people on this list interested in checking for security issues and fixing them. I'd be in, time be willing...

Chris