> If it is possible for a hostile outsider to trigger the DOS by sending
> mail to be processed by an application using the library, and the
> application can't avoid the DOS without ditching / forking /
> monkeypatching the library, then I would call the bug a "security bug",
> period.

IIUC, it would have been straightforward for the mail servers to avoid the DOS: simply truncate log lines to 1024 bytes, or something.

> As for backward compatibility: any application which is depending on
> getting arbitrarily-long lines in its logfile is already insane, and
> should be scrapped.

That's not the point. The point is that the very old releases don't get sufficient review for bug fixes, because too few people care about them. So a systematic, efficient review by a single person of the entire release must be possible. This is only possible if the number of changes is kept to an absolute minimum - just the patches targeted at the audience of these releases.

Regards,
Martin