On Thu, Feb 6, 2014 at 5:23 AM, Christopher Jones
<[email protected]> wrote:
>
> On 2/5/14 7:56 PM, Yasuo Ohgaki wrote:
>>
>> Hi all,
>>
>> Padraic gave me an another idea of additional mitigation for this.
>
>
> What's the status of the RFC?
Voting phase
> It's listed as under voting but there
> is deep discussion still ongoing.
Yes, a request for peer review has been asked, that's why I asked a
couple of security related contacts to take a look at the code. It
cannot hurt.
> The RFC is very short on technical
> detail. It is also lacking an end-of-vote date.
It is one week, so let add it :)
> It's not clear what
> the RFCs path forward is. (If this info is in a mail thread, but not
> in the RFC then remember readers/voters should not have to trawl
> internals mail to understand the proposal and its direction).
>
> Personally, I suggest the vote be closed/withdrawn with the assumption
> the concept was accepted 15 to 1. Then work on the code until a
> mutually acceptable and useful implementation is found. After that, a
> quick vote can be made on the implementation.
We do not have to over react here, it is, for a change, that there is
clear concensus about the need or wish for this feature. It is not a
trivial thing to implement but we have time to make it rock solid
until final 5.6.0.
Cheers,
--
Pierre
@pierrejoye | http://www.libgd.org