From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | Justin Clift <justin(at)postgresql(dot)org> |
Cc: | Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>, Neil Conway <neilc(at)samurai(dot)com>, Gavin Sherry <swm(at)linuxworld(dot)com(dot)au>, Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in |
Date: | 2002-08-21 17:13:27 |
Message-ID: | 200208211713.g7LHDRa28373@candle.pha.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Justin Clift wrote:
> Bruce Momjian wrote:
> >
> > Justin Clift wrote:
> > > Only two things which have the potential to be worth waiting for, from
> > > what I'm aware of. There may be others:
> > >
> > > - Find out from Sir Mordred if he wants to take a look at the CVS
> > > version of code and audit in that for a bit, Just In Case he turns
> > > up something that's serious and requires substantial re-work.
> > > Although it means he wouldn't have a bunch of "I found this existing
> > > exploit" type releases, we could instead offer him credit on the
> > > press release along the lines of "This released has been audited for
> > > security flaws in its code by Sir Mordred". Am pretty sure he'd
> > > do a very thorough job for that, as it means he'd have an official
> > > "product reputation" he'd need to stand by for it.
> >
> > This is interesting. He would have a month to do it.
>
> Reckon it's worth asking him, to find out if he'd be interested in this?
I wouldn't do it yet until we know if we are going to delay.
> > > - Patches to the CVS tree which let us have a truly native windows
> > > version. This is of huge significance and would *very* much improve
> > > our growth and adoption by being in this release in comparison to
> > > being in the release afterwards. Not in an airy fairy way, but
> > > quite definitely and solidly.
> > >
> > > Of the two, Sir Mordred may or may not be willing, so that's kind of
> > > iffy, whereas the Windows Native port which is in beta testing isn't
> > > in too bad a state at all already. Have been running preliminary
> > > multi-user AS3AP tests on it (with OSDB) and getting a significant
> > > performance throughput increase in comparison to the cygwin version.
> >
> > OK, now I have to ask, where did this native Windows version come from?
> > I don't know anything about it, except that Jan and SRA are both working
> > on versions.
>
> It was kind of quietly let slip out:
>
> http://archives.postgresql.org/pgsql-cygwin/2002-08/msg00012.php
>
> But, it's definitely up and running and functional and pretty decent.
Oh, so it is Jan's group. Great news; wish someone would have told me
sooner. I removed the Win32 off the open items list because, with no
info and no one commenting on the item, it seemed dead for 7.3.
> > The other issue is PITR, which I have been told today will not be ready
> > for a September 1 beta but may be ready for an October 1 beta.
>
> Useful, but not sure it's worth delaying even *further* for.
Well, PITR is a much more desired feature even than Win32; the big
question is how long PITR will actually take, seeing as we haven't see
any patches yet.
However, we haven't seen any Win32 patches yet either, so they are in
the same boat as far as I am concerned.
We have an open items list that is pretty much ready for 7.3. The only
open items of significance left is whether schema/DROP COLUMN stuff is
ready in all the interfaces/apps.
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
Attachment | Content-Type | Size |
---|---|---|
unknown_filename | text/plain | 978 bytes |
From | Date | Subject | |
---|---|---|---|
Next Message | Zeugswetter Andreas SB SD | 2002-08-21 17:18:46 | Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in |
Previous Message | Justin Clift | 2002-08-21 17:04:56 | Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in |