Updating Cyrus Bylaws
jan.parcel at oracle.com
Mon Aug 27 12:55:48 EDT 2018
On 8/27/2018 6:40 AM, Bron Gondwana wrote:
> On Mon, Aug 27, 2018, at 09:49, Dilyan Palauzov wrote:
>> isn't it time to update the Cyrus Bylaws
>> https://www.cyrusimap.org/overview/cyrus_bylaws.html ?
> Perhaps. This is the first time it's been raised in my memory, at
> least since we last updated them. We do have a plan to update code
> licensing and possibly rehome the websites and copyrights, since CMU
> no longer have a strong interest in maintaining the project.
>> Are the concerns raised recently by Quanah the only blockers for cyrus
>> sasl 2.1.27 and what reasons prevent releasing cyrus sasl 2.1.27
>> within two months?
> I will leave this for Ken to answer, as SASL is more his department.
> I believe the blockers were waiting on testing to ensure there wasn't
> any regression - the cyrus-sasl code doesn't have a comprehensive test
> Bron Gondwana, CEO, FastMail Pty Ltd
> brong at fastmailteam.com
I would like to see something official about handling vulnerabilities.
That ref count leak I found should have been handled as a CVE -- the
CVE-organization person did email me and admit he had dropped the ball, he
was notified and never got back to libsasl folks. I can see that for a
low-CVSS-score vulnerability (the attack required login to the affected
machine) but someday a buffer overflow may turn out to be a high-score
I'll look for that old email, but I'm not sure what to search on.
Jan Parcel, Software Developer
Oracle Systems Server & Cloud Engineering