Menu
▾
▴
Re: [htdig-dev] Release this code! 3.2 is done!??!
|
From: Jim <li...@yg...> - 2005-02-26 03:05:35
|
On Fri, 25 Feb 2005, Neal Richter wrote: > Hey all, > This think we should just call it a day on version 3.2 and release > it. Any objections? I think we should at least take a look at the current bug list and see if there is anything that deserves attention before going to 3.2. I know that there is at least one major bug in SSL handling. I provided a possible fix but never received any feedback. I also didn't receive any response when I asked about getting sufficient access to apply the patch and perhaps do some other project related housekeeping. Probably just bad timing; I know everyone is very busy. I am also aware of an argument parsing bug in the external parser code that I tracked down when following up on a problem reported on the htdig-general list. I don't think this one ever made it to the bug list. In addition we should really follow up on the cross-site scripting vulnerability that was recently reported for ht://Dig. http://securitytracker.com/alerts/2005/Feb/1013078.html Gentoo, Red Hat, and Debian have already released fixes, and I don't think it has even been discussed here aside from one message asking about the vulnerability on htdig-general. > Geoff: could you create a release tarball (and maybe create a > document detailed how you generaly do this) If there is existing documentation describing the process, or someone with a clue is willing to walk me through it, I would be willing to try taking over this task for future releases. Jim |
