Comment #13 on issue 192 by [email protected]: Crash when sending
specially crafted packet
http://code.google.com/p/memcached/issues/detail?id=192
for what it's worth, I was hoping to get this in on the "next" release, but
I haven't had time to untangle what's sitting in HEAD and roll in other
bugs.
This bug, like many of the other open issues, has some shitty patches with
no tests, no explanation, and this codebase is complicated enough that
there're often better ways to fix things. A bulk of the "Security patches"
I've had for memcached do nothing but open a different hole later on. I
really do not have time for this bullshit.
I've had security patches on here where applying it actually opens a worse
hole later on in the code: so these things end up being a pretty big burden
and can take hours to validate.
I was also hoping to sidestep the issue entirely by releasing 1.5, which
was largely rewritten, but that never happened. Every productive and sane
committer ends up hired into a company which "loosely competes" with
memcached, and is hard to secure time or motivation myself.
Now you fucking dinks have made me write a comment defending a lack of
security fixes to a popular OSS daemon. I hope you can rub out a good one
on this.
Let me know when someone stands up to write a test case and fucking prove
their patch doesn't make things worse later on in the code. Stop
cargo-culting patterns for security holes and do work like a fucking
functional adult should.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
---
You received this message because you are subscribed to the Google Groups "memcached" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
