httpd-dev mailing list archives

From c...@decus.org (Rodent of Unusual Size)
Subject Re: snprintf()
Date Tue, 07 Jan 1997 15:26:15 GMT
From the fingers of Rob Hartill flowed the following:
>
>I'd prefer we release 1.2 sooner rather than later and as something that
>resembles 1.2b1.

    Is the snprintf() issue a bug fix, or a new feature?  If a bug fix
    touches enough code, does it *become* a feature?

    Personally, I agree with Rob on closing 1.2 with no more features
    than have been added to date (fewer would be nice ;-).  I've always
    felt a bit uncomfortable with stuff added to any software during a
    beta cycle.  On the other hand, since it's unclear to me when the
    next release beyond 1.2 will hit the wire, I'd like to see the
    buffer overrun potential removed from 1.2 before final release.  I
    think that's too big a vulnerability in a high-quality server as
    widely deployed as Apache.  If we don't close it now, there probably
    *will* be a 1.2.1..

>If we put in a snprintf before 1.2, I'd be amazed if it turned out to
>be the last big change.

    Is there a lower-impact way of closing the hole that would suit you
    for 1.2, Rob?  Should it be left open for now and closed as part of
    2.0?

>Let's get 1.2 out and start on 2.0. If we've got some big patches ready
>for 2.0 then it starts its -dev life with some momentum.

    +1, although I suspect 1.3 might need to be opened in parallel if
    2.0's latency is too great.

    Just MHO..

    #ken    :-)}
