too long a gap between releases

Marc Espie espie at nerim.net
Mon Oct 27 01:07:26 EST 2003


I just glanced at recent rsync messages, and saw the patch from derMouse
together with the rebuff.

Folks, there is a problem.  Patches such as this are *critical* for
portability, especially on 64-bit systems and exotic architectures.

What derMouse did was give you important portability fixes.

And it got brushed off because it doesn't match rsync cvs.

Fine...

except for the fact that rsync cvs is *not* a released version, that
most people out there use rsync-2.5.6, and it's been the best part
of a year since the last version.

Such comments are just one step away from `oh, don't use the released
version, the beta is sooo much better'.

BTW, the `possible security hole' is so similar to the actual security
hole that happened in opensshd a few months back it's scary.

We know that this hole was exploitable, it's amply documented, so
similar issues in rsync would make me very, very wary...

(in fact, I'm going to audit this on OpenBSD)
