On Sun, Jul 13, 2014 at 02:26:10AM -0500, Shawn K. Quinn wrote:
> On Sat, 2014-07-12 at 23:58 -0700, William Orr wrote:
> > wrt. auditing it, should we send patches here? Or upstream?
>
> I'd send them both places, if they apply cleanly to both sets of code.
> Otherwise, send them here. I'd love to be proven wrong about the
> maintainers not really giving a shit about the users, and accepting
> packages which make gopher browsing "more secure" or "improve the code
> quality" would help.
>
> BTW, I forgot to ask, where are the exploits for this poor quality code?
> i.e. if I'm browsing a gopher site with the current Lynx as root, what
> exactly do I have to stumble upon to get "owned?" Or is it just a "this
> is ugly in a few places" kind of vague feeling by some devs? I have a
> feeling there aren't any (exploits), but I thought I'd ask anyway.
Sigh, you want to make use spend time on writing exploits for every
potential problem found? That means any developemt will grind to a halt.
If you don't trust our judgement, then don't use OpenBSD.
-Otto
