Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in

From: Justin Clift <justin(at)postgresql(dot)org>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>, Neil Conway <neilc(at)samurai(dot)com>, Gavin Sherry <swm(at)linuxworld(dot)com(dot)au>, Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in
Date: 2002-08-21 16:42:38
Message-ID: 3D63C2FE.8D6C059A@postgresql.org
Lists: pgsql-hackers

Bruce Momjian wrote:
>
> We learned a few lessons from previous releases. First, don't delay
> the beta by days/weeks that drag on. Delay one month at a time.
> Second, don't decide on a further delay the day before you are going to
> go beta. Multiple short-period delays and delays that happen at the
> last minute cause too many stops/starts for developers to be effective,
> so...
>
> If we are going to delay beta, we should decide now, not at the end of
> August, and the delay should be until the end of September. The big
> question is whether we have enough material to warrant a delay.

Only two things which have the potential to be worth waiting for, from
what I'm aware of. There may be others:

- Find out from Sir Mordred if he wants to take a look at the CVS
version of code and audit in that for a bit, Just In Case he turns
up something that's serious and requires substantial re-work.
Although it means he wouldn't have a bunch of "I found this existing
exploit" type releases, we could instead offer him credit on the
press release along the lines of "This release has been audited for
security flaws in its code by Sir Mordred". Am pretty sure he'd
do a very thorough job for that, as it means he'd have an official
"product reputation" he'd need to stand by for it.

- Patches to the CVS tree which let us have a truly native Windows
version. This is of huge significance and would *very* much improve
our growth and adoption by being in this release in comparison to
being in the release afterwards. Not in an airy fairy way, but
quite definitely and solidly.

Of the two, Sir Mordred may or may not be willing, so that's kind of
iffy, whereas the Windows Native port which is in beta testing isn't
in too bad a state at all already. Have been running preliminary
multi-user AS3AP tests on it (with OSDB) and getting a significant
performance throughput increase in comparison to the cygwin version.

:)

Hope I'm not pushing too strongly for this, as, after all, I can't do
the coding needed here. :(

Regards and best wishes,

Justin Clift

--
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
