Updating Cyrus Bylaws

jan parcel jan.parcel at oracle.com
Mon Aug 27 12:55:48 EDT 2018

On 8/27/2018 6:40 AM, Bron Gondwana wrote:
> On Mon, Aug 27, 2018, at 09:49, Dilyan Palauzov wrote:
>> Hello,
>> isn't it time to update the Cyrus Bylaws
>> https://www.cyrusimap.org/overview/cyrus_bylaws.html ?
> Perhaps.  This is the first time it's been raised in my memory, at 
> least since we last updated them.  We do have a plan to update code 
> licensing and possibly rehome the websites and copyrights, since CMU 
> no longer have a strong interest in maintaining the project.
>> Are the concerns raised recently by Quanah the only blockers for cyrus
>> sasl 2.1.27 and what reasons prevent releasing cyrus sasl 2.1.27
>> within two months?
> I will leave this for Ken to answer, as SASL is more his department.  
> I believe the blockers were waiting on testing to ensure there wasn't 
> any regression - the cyrus-sasl code doesn't have a comprehensive test 
> suite.
> Regards,
> Bron.
> --
>   Bron Gondwana, CEO, FastMail Pty Ltd
>   brong at fastmailteam.com
I would like to see something official about handling vulnerabilities.  
That ref count leak I found should have been handled as a CVE -- the CVE 
-organization person did email me and admit he had dropped the ball,  he 
was notified and never got back to libsasl folks.  I can see that for a
low-CVSS-score vulnerability (the attack required login to the affected 
machine) but someday a buffer overflow may turn out to be a high-score 

I'll look for that old email, but I'm not sure what to search on.


Jan Parcel, Software Developer
Oracle Systems Server & Cloud Engineering

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.andrew.cmu.edu/pipermail/cyrus-devel/attachments/20180827/3ded2cdc/attachment.html>

More information about the Cyrus-devel mailing list