This is the mail archive of the
gcc@gcc.gnu.org
mailing list for the GCC project.
Re: 3.2 PATCH: Ada parallel bootstrap fixes
- From: "Joseph S. Myers" <jsm28 at cam dot ac dot uk>
- To: Florian Weimer <fw at deneb dot enyo dot de>
- Cc: Robert Dewar <dewar at gnat dot com>, <pfeifer at dbai dot tuwien dot ac dot at>, <gcc at gcc dot gnu dot org>, <ro at TechFak dot Uni-Bielefeld dot DE>
- Date: Sat, 18 May 2002 12:50:33 +0100 (BST)
- Subject: Re: 3.2 PATCH: Ada parallel bootstrap fixes
On Sat, 18 May 2002, Florian Weimer wrote:
> Nowadays, hardly any C vendor would consider such issues
> insignificant, and state that the security conscious programmer should
> not use these interfaces anyway (some comment on comp.lang.ada, IIRC
> not from Robert).
Indeed, my position is that security problems are automatically
significant.
> Additional buffer overflow problems are mentioned in the following
> message:
>
> http://gcc.gnu.org/ml/gcc-patches/2001-10/msg01039.html
>
> Shall I submit individual bug reports for them? IMHO, this doesn't
> make much sense if I'm still the only persone who cares about these
> problems.
If you have unreviewed patches (security or otherwise), you should send
monthly reminders asking for them to be reviewed. (Actually, I think that
part of contribute.html should suggest sending a reminder if there's no
review after a week, not a month, since it's rare for a patch unreviewed
after a week to get a review at all without a reminder. In the case of
security patches, daily reminders would be more appropriate; you should
also try to get security patches onto the 3.1 branch as well as mainline.)
If you have problems with no PR filed and no patch, submit PRs for them.
Submit an advisory to bugtraq for any problems submitted as patches or PRs
significantly in advance of a release (3.1 or 3.1.1) with no fix in that
release.
--
Joseph S. Myers
jsm28@cam.ac.uk