Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in

On Thu, 22 Aug 2002, Justin Clift wrote:

> - Find out from Sir Mordred if he wants to take a look at the CVS
> version of code and audit in that for a bit, Just In Case he turns
> up something that's serious and requires substantial re-work.
> Although it means he wouldn't have a bunch of "I found this existing
> exploit" type releases, we could instead offer him credit on the
> press release along the lines of "This released has been audited for
> security flaws in its code by Sir Mordred". Am pretty sure he'd
> do a very thorough job for that, as it means he'd have an official
> "product reputation" he'd need to stand by for it.

"Security Relatd Fixed" are applicable for adoption during the beta
period, leading up to release ...

> - Patches to the CVS tree which let us have a truly native windows
> version. This is of huge significance and would *very* much improve
> our growth and adoption by being in this release in comparison to
> being in the release afterwards. Not in an airy fairy way, but
> quite definitely and solidly.

If they aren't in by now, they should wait until the next dev cycle ...
unless they are *small* changes ...