| From: | Justin Clift <justin(at)postgresql(dot)org> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>, Neil Conway <neilc(at)samurai(dot)com>, Gavin Sherry <swm(at)linuxworld(dot)com(dot)au>, Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in |
| Date: | 2002-08-21 17:04:56 |
| Message-ID: | 3D63C838.BBD8CF76@postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Bruce Momjian wrote:
>
> Justin Clift wrote:
> > Only two things which have the potential to be worth waiting for, from
> > what I'm aware of. There may be others:
> >
> > - Find out from Sir Mordred if he wants to take a look at the CVS
> > version of code and audit in that for a bit, Just In Case he turns
> > up something that's serious and requires substantial re-work.
> > Although it means he wouldn't have a bunch of "I found this existing
> > exploit" type releases, we could instead offer him credit on the
> > press release along the lines of "This released has been audited for
> > security flaws in its code by Sir Mordred". Am pretty sure he'd
> > do a very thorough job for that, as it means he'd have an official
> > "product reputation" he'd need to stand by for it.
>
> This is interesting. He would have a month to do it.
Reckon it's worth asking him, to find out if he'd be interested in this?
> > - Patches to the CVS tree which let us have a truly native windows
> > version. This is of huge significance and would *very* much improve
> > our growth and adoption by being in this release in comparison to
> > being in the release afterwards. Not in an airy fairy way, but
> > quite definitely and solidly.
> >
> > Of the two, Sir Mordred may or may not be willing, so that's kind of
> > iffy, whereas the Windows Native port which is in beta testing isn't
> > in too bad a state at all already. Have been running preliminary
> > multi-user AS3AP tests on it (with OSDB) and getting a significant
> > performance throughput increase in comparison to the cygwin version.
>
> OK, now I have to ask, where did this native Windows version come from?
> I don't know anything about it, except that Jan and SRA are both working
> on versions.
It was kind of quietly let slip out:
http://archives.postgresql.org/pgsql-cygwin/2002-08/msg00012.php
But, it's definitely up and running and functional and pretty decent.
:-)
> The other issue is PITR, which I have been told today will not be ready
> for a September 1 beta but may be ready for an October 1 beta.
Useful, but not sure it's worth delaying even *further* for.
+ Justin
> --
> Bruce Momjian | http://candle.pha.pa.us
> pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
> + If your life is a hard drive, | 13 Roberts Road
> + Christ can be your backup. | Newtown Square, Pennsylvania 19073
--
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2002-08-21 17:13:27 | Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in |
| Previous Message | Bruce Momjian | 2002-08-21 16:59:50 | Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in |