Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in - Mailing list pgsql-hackers

From Justin Clift
Subject Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in
Date
Msg-id 3D63C2FE.8D6C059A@postgresql.org
In response to Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in  (Bruce Momjian <pgman@candle.pha.pa.us>)
Responses Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in  (Bruce Momjian <pgman@candle.pha.pa.us>)
Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in  ("Marc G. Fournier" <scrappy@hub.org>)
List pgsql-hackers
Bruce Momjian wrote:
> 
> We learned a few lessons from previous releases.  First, don't delay
> the beta by days/weeks that drag on.  Delay one month at a time.
> Second, don't decide on a further delay the day before you are going to
> go beta.  Multiple short-period delays and delays that happen at the
> last minute cause too many stops/starts for developers to be effective,
> so...
> 
> If we are going to delay beta, we should decide now, not at the end of
> August, and the delay should be until the end of September.  The big
> question is whether we have enough material to warrant a delay.

Only two things which have the potential to be worth waiting for, from
what I'm aware of.  There may be others:
- Find out from Sir Mordred if he wants to take a look at the CVS
  version of code and audit in that for a bit, Just In Case he turns
  up something that's serious and requires substantial re-work.
  Although it means he wouldn't have a bunch of "I found this existing
  exploit" type releases, we could instead offer him credit on the
  press release along the lines of "This release has been audited for
  security flaws in its code by Sir Mordred".  Am pretty sure he'd do a
  very thorough job for that, as it means he'd have an official
  "product reputation" he'd need to stand by for it.

- Patches to the CVS tree which let us have a truly native windows
  version.  This is of huge significance and would *very* much improve
  our growth and adoption by being in this release in comparison to
  being in the release afterwards.  Not in an airy fairy way, but
  quite definitely and solidly.

Of the two, Sir Mordred may or may not be willing, so that's kind of
iffy, whereas the Windows Native port which is in beta testing isn't
in too bad a state at all already.  Have been running preliminary
multi-user AS3AP tests on it (with OSDB) and getting a significant
performance throughput increase in comparison to the cygwin version.

:)

Hope I'm not pushing too strongly for this, as, after all, I can't do
the coding needed here.  :(

Regards and best wishes,

Justin Clift

-- 
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."  - Indira Gandhi

