A couple of comments have come up about when to release 1.7. Given all the
thrashing of string/buffer manipulation code that has taken place over the last
week and a bit, I don't think we can even think about baking this code now for
at least a couple of months. We have just hammered on the most security
vulnerable part of the code base, having done no prior analysis, nor
identifying any know gaping wounds in the code.
This scares me. This is code rewrite for religious purposes, and that is
ALWAYS wrong. How are we going to validate all these memory/buffer/string
related changes to ensure they have not introduced NEW bugs?
Ralph, what is your plan for code verification of these changes you are making?
The current regression tests can't come anywhere near dealing with this.
--lyndon
_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers