On 8/27/2018 6:40 AM, Bron Gondwana wrote:
> On Mon, Aug 27, 2018, at 09:49, Dilyan Palauzov wrote:
>> Hello,
>> isn't it time to update the Cyrus Bylaws
>> https://www.cyrusimap.org/overview/cyrus_bylaws.html ?
>
> Perhaps. This is the first time it's been raised in my memory, at
> least since we last updated them. We do have a plan to update code
> licensing and possibly rehome the websites and copyrights, since CMU
> no longer have a strong interest in maintaining the project.
>
>> Are the concerns raised recently by Quanah the only blockers for cyrus
>> sasl 2.1.27 and what reasons prevent releasing cyrus sasl 2.1.27
>> within two months?
>
> I will leave this for Ken to answer, as SASL is more his department.
> I believe the blockers were waiting on testing to ensure there wasn't
> any regression - the cyrus-sasl code doesn't have a comprehensive test
> suite.
>
> Regards,
> Bron.
> --
> Bron Gondwana, CEO, FastMail Pty Ltd
> br...@fastmailteam.com

I would like to see something official about handling vulnerabilities.
That ref count leak I found should have been handled as a CVE -- the
CVE-organization person did email me and admit he had dropped the ball, he
was notified and never got back to libsasl folks. I can see that for a
low-CVSS-score vulnerability (the attack required login to the affected
machine) but someday a buffer overflow may turn out to be a high-score
vulnerability.
I'll look for that old email, but I'm not sure what to search on.
Thanks,
Jan
--
Jan Parcel, Software Developer
Oracle Systems Server & Cloud Engineering