<div><div><br><br><div class="gmail_quote"><div dir="ltr">ср, 30 сту 2019, 03:06: карыстальнік Regina Obe <<a href="mailto:lr@pcorp.us" rel="noreferrer" target="_blank">lr@pcorp.us</a>> напісаў:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
> A worthy experiment!<br>
Okay you guys are all sounding like me 1 year ago and I'm sounding like strk and Paul 1 year ago. Pretty scary world we live in.<br>
Well at least Komzpa is as insane as I remember he ever was, so the crazy person is now our stable point of reference.<br>
<br>
Well it looks like strk has fixed gitlab -- Thanks strk :) So one less compelling reason to support 3.5.<br>
Has anyone fixed Fuzzie -- wanna fix Fuzzie? </blockquote></div></div></div><div><br></div><div>Fixed and checked Fuzzie locally, waiting for Google or whoever maintains oss-fuzz repo to merge. <br><br><a href="https://github.com/google/oss-fuzz/pull/2173">https://github.com/google/oss-fuzz/pull/2173</a><br><br></div><div><div dir="auto"><br></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> I'm a bit drowned at this moment with having to learn new things so don't want to deal with anything that requires too much thinking for at least another couple of weeks.<br>
<br>
<br>
> On Jan 24, 2019, at 9:50 PM, Darafei Komяpa Praliaskouski <<a href="mailto:me@komzpa.net" rel="noreferrer noreferrer" target="_blank">me@komzpa.net</a>> wrote:<br>
<br>
> PostGIS 2.0..2.3.2 now has a CVE, let's see how quick vendors will pick it up:<br>
> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18359" rel="noreferrer noreferrer noreferrer" target="_blank">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18359</a> <br>
<br>
> On Thu, Jan 24, 2019 at 2:20 AM Darafei "Komяpa" Praliaskouski <<a href="mailto:me@komzpa.net" rel="noreferrer noreferrer" target="_blank">me@komzpa.net</a>> wrote:<br>
> To push libraries to get update, either:<br>
> - make downstream packages dependencies tighter (with each PostGIS release depend on current minor of GEOS);<br>
> - report a CVE / security bug, so that it's handled by security team (can become just a three-line backpatch though).<br>
<br>
> On Thu, Jan 24, 2019 at 2:14 AM Paul Ramsey <<a href="mailto:pramsey@cleverelephant.ca" rel="noreferrer noreferrer" target="_blank">pramsey@cleverelephant.ca</a>> wrote:<br>
> Well, there’s going to be some exciting news on the GEOS front next week, and hopefully it will bring everyone back to the table :) I don’t know how to break the packaging logjam though, as <br>
> there’s something about system libraries that defies makes everyone “go slow”. Which isn’t really fair, since we’ve done everything necessary to make things easy: the ABI never changes, there’s > never a reason to not just dump the latest GEOS into place. What can we do to convince packagers we are sincere?<br>
<br>
> P<br>
<br>
Sadly the only thing you can do is do micro updates like when 4.0 comes out let's just keep implementing the micro 4.1, 4.<br>
That might serve to piss packagers more though than help confusing them as to what stable vs. feature enhancement is which means they'll think you are crazy and just won't ship you.<br>
<br>
The problem is the more dependable you are the more people want to depend on you. The more people depend on you, the more people want to build there<br>
things on top of you. The more people want to build things ontop of you - you are now a system library too dangerous to touch because you are <br>
the big turtle and changing the big turtle can break the other turtles all the way down to the smallest turtle.<br>
<br>
<br>
Thanks,<br>
Regina<br>
<br>
_______________________________________________<br>
postgis-devel mailing list<br>
<a href="mailto:postgis-devel@lists.osgeo.org" rel="noreferrer noreferrer" target="_blank">postgis-devel@lists.osgeo.org</a><br>
<a href="https://lists.osgeo.org/mailman/listinfo/postgis-devel" rel="noreferrer noreferrer noreferrer" target="_blank">https://lists.osgeo.org/mailman/listinfo/postgis-devel</a></blockquote></div></div></div><span>
</span>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Darafei Praliaskouski<br>Support me: <a href="http://patreon.com/komzpa">http://patreon.com/komzpa</a></div></div>