> I see one unsubstantiated allegation about PG intermixed with a ton
> of content-free navel-gazing. Don't waste my time.

For instance, when I submitted patches for fulltextindex 7.2 it freely used unchecked sprintf's everywhere. Even now I'm not sure what'll happen if a malicious user really tried to crash it. Anyway, who cares about printfs when stuff like select cash_out(2) is documented?

> I have no doubt that some problems remain (cf recent agonizing over
> whether there is a buffer overrun problem in the date parser) ...
> but unspecific rumors don't help anyone. As always, the best form of
> criticism is a diff -c patch.

Maybe we could form a bunch of people on this list interested in checking for security issues and fixing them. I'd be in, time be willing...

Chris