[freelists-users] Re: Old bug...

  • From: John Madden <weez@xxxxxxxxxxxxx>
  • To: "Brian L. Johnson" <blj8@xxxxxxxx>
  • Date: Tue, 12 Mar 2002 08:14:09 -0500

Brian, I'm cc'ing freelists-users so everyone else is up on what's 
happening...

> Remember that problem I had where messages from juno.com users weren't
> being summarized in the digest's TOC?
>
> Well, it's still there; never went away really...
>
> But now that the dust has settled somewhat over the Listar suit, I was
> wondering if you could resubmit it as a bug (or reopen it if it's still
> on their system)?

Well, here's the thing about Listar/Ecartis...  In short, we might not be 
using it for long.  

A post came through on Bugtraq last night about the recent security 
problems found in the software that were labeled as "infinite" in number.  
Worse, the developers were described as not wanting or caring to fix them. 
 After asking about it on ecartis-support, I was told by one of the people 
who are apparently developing Ecartis now that she "fixed all that she 
could find, but didn't have the time to look for the rest of the 
problems."  

...I don't like that attitude.  Yes, it's Free Software, and maintained on 
a volunteer basis, but I don't seem to have any trouble getting bugfixes 
quickly for my linux kernels (etc.)...

Basically, the issue is that they've coded throughout with sprintf()'s, 
which are widely known to allow buffer overflows, and really never 
should've been used to begin with.  

Given the usually-slow development of the product, and the recent attitude 
of the developers, I'm thinking about evaluating other packages or writing 
our own.  

Then again, either of those options would be an absolutely huge 
undertaking, and honestly, Ecartis is probably the best package out there 
for mailing list management, despite its shortcomings.  A re-write of its 
MIME library is next on its TODO list, which would mean a lot of these 
silly MIME-related issues (the digest TOC problem, for example) would go 
away.  

If anyone's got any ideas or feelings on the matter, we're open to them.  
That includes suggestions on other Free Software mailing list managers.  

John


- FreeLists Staff




===========================================================
The FreeLists-Users mailing list
Archives: //www.freelists.org/archives/freelists-users
Administrative contact: weez@xxxxxxxxxxxxx
===========================================================

Other related posts:

  1. Home
  2. freelists-users
  3. Archive
  4. 03-2002