/.../ what is necessary to get security out of an experimental stage to warant its inclusion in the default?
Well, I've already given my view on that: It's a matter of measuring the overhead it gives when it isn't used and, if necessary, reduce that to an acceptable level. It also needs to be tested for stability, which essentially means that it's verified to not fail the testsuite and then turned on by default in the development branch.
/.../ i don't see this situation changing unless something is done proactively.
It hasn't gotten further simply because noone have had enough need for it to do something about it. So just go ahead and get hacking; the 7.5 branch is open.
/ Martin Stjernholm, Roxen IS
Previous text:
2003-04-06 01:08: Subject: Re: pike security (was: sTeam DoS vulnerability (no longer is: Do we have a floatingpoint bug?))
well, the ability to have security compiled in without using it essentially amounts to it being a runtime option, if the mere existance of compiled in security has no negative on those not using it.
if that is the expected outcome then an aditional runtime switch adds no value and the question boils down to: what is necessary to get security out of an experimental stage to warant its inclusion in the default?
given that it has not been worked on for a few years, and only very few people use it, i don't see this situation changing unless something is done proactively.
greetings, martin.
/ Brevbäraren