[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Credentials held unencrypted in memory during runtime

From: Wayne Johnson <wayne_at_zk.com>
Date: Wed, 13 Apr 2011 09:45:54 -0700

> I'd be curious if Stefan's views of secure coding best practices is
> also the official position of WANdisco...
> Anybody out there with an official support contract with WANdisco want
> to report this issue through official channels and see where it leads?
> It's always interesting to gauge just how much vendors selling support
> for open source products really can/cannot have an influence... Would
> WANdisco's response also be "go away"?

Really!? I am flabbergasted. Stefan politely tells you he has better things to do with *his* free time and you guys just keep after him. He even ask for suggestions on how to handle this and instead of receiving any useful feedback he just gets crap...

Every software project (everything in life for that matter) boils down to a list of trade-offs. One person (or company) can't do everything so you sit down and decide what the most important things are. To me, Stefan, and a bunch of other people using TSVN, this is not the most important thing at this point. If it's really that important to you, checkout the source code, fix it, and provide a patch. If you don't have the expertise to do hire one of the several security experts who frequent this list.

I would like to say more but I think I just bit my tongue off...



To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-04-13 18:46:03 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.