On Fri, Feb 20, 2015, at 06:59 AM, Jan Parcel wrote: > 3 questions: > > 1. Apparently, from the mail about all the great things planned for > 2015, "Cyrus" means cyrus-imap? Is this alias also for cyrus-sasl > development? If not, is there another?
Pretty much, Cyrus IMAP is the headline part, and the bit I care about. If there's a SASL champion who would like to take the lead on that project, it would be fantastic. > 2. For either of the projects, where can we send notification and > patches for possible or probable vulnerabilities? Especially if we > don't have time to prove there are exploits > for a particular buffer overflow or NULL dereference? In theory, bugzilla is the place. The issue, of course, is confidentiality. Right now the answer is probably myself or Ken Murchison at CMU. > 3. When I go to look for the "latest" code, I see a red "HEAD" button > and a green "master" button. > Should I pull from one of those if I want to see what's available > (read-only) or > Which should I pull from if I want to contribute (eventually I'll > have bug fixes.) Pull the entire git repository is best. Those buttons are both just tag markers which point to the same commit. Patches should always be against either master, or if they are only appropriate to previous revisions, against the mainline branch for that release (i.e. cyrus-imapd-2.4) Regards, Bron. -- Bron Gondwana br...@fastmail.fm
