A couple of comments have come up about when to release 1.7.  Given all the 
thrashing of string/buffer manipulation code that has taken place over the last 
week and a bit, I don't think we can even think about baking this code now for 
at least a couple of months.  We have just hammered on the most security 
vulnerable part of the code base, having done no prior analysis, nor 
identifying any known gaping wounds in the code.

This scares me.  This is a code rewrite for religious purposes, and that is 
ALWAYS wrong.  How are we going to validate all these memory/buffer/string 
related changes to ensure they have not introduced NEW bugs?  

Ralph, what is your plan for code verification of these changes you are making? 
 The current regression tests can't come anywhere near dealing with this.

--lyndon


_______________________________________________
Nmh-workers mailing list
Nmh-workers@nongnu.org
https://lists.nongnu.org/mailman/listinfo/nmh-workers
