Is it worth someone proactively changing all calls to 'sprintf' to
'g_snprintf'?
This might make them a little happier?
I'd do it; but I don't have SVN write access, so someone would end up
having to merge all the patches anyway :-(
Cheers
Giles
-----Original Message-----
From: ethereal-dev-bounces@xxxxxxxxxxxx
[mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of Gerald Combs
Sent: Sunday, August 22, 2004 7:49 PM
To: 'Ethereal-Dev'
Subject: [Ethereal-dev] Harsh criticism from the OpenBSD folks
From
http://www.openbsd.org/cgi-bin/cvsweb/ports/net/ethereal/Attic/Makefile?
hideattic=0
"Remove ethereal from the ports tree. Right during 3.5, it had more
than a dozen remote holes being fixed, that we shipped with. Weeks
later things have not improved, and there continue to be problems
reported to bugtraq, and respective band-aids - but it is clear the
ethereal team does not care about security, as new protocols get added,
and nothing gets done about the many more holes that exist.
Maybe someone will at least privilege separate this one day, and then
the OpenBSD stance with respect to this may change.
Encouraging people to run broken software by distributing packages
with known security holes is not desired by any of us."
_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev