Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in

Justin Clift wrote:
> Only two things which have the potential to be worth waiting for, from
> what I'm aware of. There may be others:
>
> - Find out from Sir Mordred if he wants to take a look at the CVS
> version of code and audit in that for a bit, Just In Case he turns
> up something that's serious and requires substantial re-work.
> Although it means he wouldn't have a bunch of "I found this existing
> exploit" type releases, we could instead offer him credit on the
> press release along the lines of "This released has been audited for
> security flaws in its code by Sir Mordred". Am pretty sure he'd
> do a very thorough job for that, as it means he'd have an official
> "product reputation" he'd need to stand by for it.

This is interesting. He would have a month to do it.

> - Patches to the CVS tree which let us have a truly native windows
> version. This is of huge significance and would *very* much improve
> our growth and adoption by being in this release in comparison to
> being in the release afterwards. Not in an airy fairy way, but
> quite definitely and solidly.
>
> Of the two, Sir Mordred may or may not be willing, so that's kind of
> iffy, whereas the Windows Native port which is in beta testing isn't
> in too bad a state at all already. Have been running preliminary
> multi-user AS3AP tests on it (with OSDB) and getting a significant
> performance throughput increase in comparison to the cygwin version.

OK, now I have to ask, where did this native Windows version come from?
I don't know anything about it, except that Jan and SRA are both working
on versions.

The other issue is PITR, which I have been told today will not be ready
for a September 1 beta but may be ready for an October 1 beta.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073