lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev 2.8.1 release


From: Bela Lubkin
Subject: Re: lynx-dev 2.8.1 release
Date: Tue, 1 Sep 1998 17:13:22 -0700

Henry Nelson Eric wrote:

> This quasi-pseudo sysadmin waits for the concrete to harden, 
> and tries to check that the refor bar is up to code.  Don't 
> pay a lot of attention to numbers.  Won't be updating a general- 
> use Lynx, anyway, until I hear an okay from Bela. 

You're referring to my complaints about /tmp security.  My opinion:
there is currently no /tmp-security-related reason to upgrade or not
upgrade.  Every version of Lynx that has ever existed has /tmp security
holes.  Tom recently introduced a somewhat more obvious one (and then I
think retracted it -- I haven't had time to look at code past about
dev19).

Actually, to be clearer, if Tom has implemented what it sounded like he
was planning, the current dev code *is* tighter than before.  It still
has problems, though.

So if you mean "I will avoid going through the upgrade hassle twice, by
waiting for security fixes", that makes sense.  If you're holding back
because you think you would be *introducing* a new security problem, you
are mistaken.

Tom Dickey wrote:

> right - he indicated that he'd send some changes (I think) late this month.

I don't remember for sure, but I certainly intended to be vague about
when I would have time...  I'm still dealing with lots of issues
relating to having bought a house; and my group at work is busier than
usual.  So my time is rather thin.

Don't let my security ravings hold up the 2.8.1 release.  Fixing the
problem will require a holistic view, obtainable only by a day or two of
concentrated work; I really don't know when I'll be able to get to it.
(My *intention* is to find that time somewhere in the next month or two,
but this is neither a promise nor a prediction, just a hope.)

>Bela<

reply via email to

[Prev in Thread] Current Thread [Next in Thread]