On Sat, 2014-07-12 at 23:58 -0700, William Orr wrote: > wrt. auditing it, should we send patches here? Or upstream?
I'd send them both places, if they apply cleanly to both sets of code. Otherwise, send them here. I'd love to be proven wrong about the maintainers not really giving a shit about the users, and accepting packages which make gopher browsing "more secure" or "improve the code quality" would help. BTW, I forgot to ask, where are the exploits for this poor quality code? i.e. if I'm browsing a gopher site with the current Lynx as root, what exactly do I have to stumble upon to get "owned?" Or is it just a "this is ugly in a few places" kind of vague feeling by some devs? I have a feeling there aren't any (exploits), but I thought I'd ask anyway. -- Shawn K. Quinn <skqu...@rushpost.com>
