What about cyrus-sasl?

Bron Gondwana brong at fastmail.fm
Thu Feb 19 15:55:39 EST 2015


On Fri, Feb 20, 2015, at 06:59 AM, Jan Parcel wrote:
> 3 questions:
> 
> 1. Apparently, from the mail about all the great things planned for 
> 2015, "Cyrus" means cyrus-imap?  Is this alias also for cyrus-sasl 
> development?  If not, is there another?

Pretty much, Cyrus IMAP is the headline part, and the bit I care about.
If there's a SASL champion who would like to take the lead on that
project, it would be fantastic.

> 2. For either of the projects,  where can we send notification and 
> patches for   possible or probable vulnerabilities?  Especially if we 
> don't have time to prove there are exploits
> for a particular buffer overflow or NULL dereference?

In theory, bugzilla is the place.  The issue, of course, is confidentiality.
Right now the answer is probably myself or Ken Murchison at CMU.

> 3.  When I go to look for the "latest" code, I see a red "HEAD" button 
> and a green "master" button.
>    Should I pull from one of those if I want to  see what's available 
> (read-only)   or
>      Which should I pull from if I want to contribute (eventually I'll 
> have bug fixes.)

Pull the entire git repository is best.  Those buttons are both just tag
markers which point to the same commit.  Patches should always be
against either master, or if they are only appropriate to previous revisions,
against the mainline branch for that release (i.e. cyrus-imapd-2.4)

Regards,

Bron.

-- 
  Bron Gondwana
  brong at fastmail.fm


More information about the Cyrus-devel mailing list