Le 13/03/2014 11:49, Christian Heimes a écrit : > Thanks a lot David and Victor! The list of security improvements is > missing one, maybe two points that are IMHO relevant: > > * All stdlib modules now support server cert verification including > hostname matching and CRL. CRL? really? I don't remember us doing automatic CRL downloads. > And there is the point with Coverity Scan. We have reached zero defects > about half a year ago and fixed all new defects in a matter of days. > I'll try to keep the defect rate down to zero in the future, too. The > tool has helped me to identify a bunch of security-relevant issues like > buffer overflows, invalid casts and more. It's something worth > mentioning. But I don't want it to sound like an advert... Suggestions? I don't think it should be mentioned at all. General code quality improvements are a given in any release, the fact that the issues were detected by Coverity rather than human scrutiny is a non-information (except as advertising for Coverity). Regards Antoine.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4