[Namazu-devel-en] Re: [PATCH] potential buffer overrun in namazu.cgi?

Derek Atkins warlord at MIT.EDU
Thu May 18 03:24:41 JST 2006


Quoting Tadamasa Teranishi <yw3t-trns at asahi-net.or.jp>:

>> approach to release engineering..  The time to release a 2.0.17pre1
>> and then a 2.0.17 is no more significant than the time to release a
>> 2.0.17 and then a 2.0.18, so why release pre-releases?
>
> This is a story only that coding assumed that VERSION is within 9
> characters is dangerous.

True.

Now that your changes are in CVS and I can look at them, it would be
easy to add {version} back into your infrastructure.  At the time I
wrote the patch I didn't see your changes.  But I still think I'll
wait for a 2.0.17 release before I update my server.

Thanks,

-derek
-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available



More information about the Namazu-devel-en mailing list