https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6439
Bill Cole <billc...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |billc...@apache.org
--- Comment #6 from Bill Cole <billc...@apache.org> ---
(In reply to Kent Oyer from comment #5)
> This is still a problem in 2022 (using version 3.4.4). What was decided
> about this?
Nothing. A definite spec and implementation are needed, ideally from someone
who has a real-world flow of messages exploiting the flaw.
> Has it been decided not to fix?
No. Decisions like that would be expressed by closing the ticket. Aside from
Security issues and housekeeping, nearly every PMC decision is done publicly in
bug reports or the public 'dev' mailing list. If a bug report is open, no one
has made a decision to close it.
I don't see this as a "WONTFIX" candidate, and clearly Karsten and Kevin (both
still active contributors and PMC members) thought it needed fixing in the
past. Patches are always welcome. New contributors are always welcome.
> Is it being fixed in version 4?
Not in 4.0.0 unless it is written with lightning speed and works in a way that
doesn't make any member of the PMC scream. Right now we do not have even a
solid specification of what constitutes a fix, i.e. exactly how far do we go in
detecting text-like parts?
I would expect this to be fixed no sooner than 4.0.1, as Sidney has been
working hard on making 4.0.0 release-worthy and is very close to being done.
> Is it worth submitting a patch for version 3?
Probably not. Currently we intend for 3.4.6 to be the terminal v3 release.
Absent a severe security issue that arises before the main distros switch to
4.0, I would not expect another 3.x release.
--
You are receiving this mail because:
You are the assignee for the bug.
