[Zlib-devel] zlib and LZMA
Mark Adler
madler at alumni.caltech.edu
Mon Jul 17 12:27:37 EDT 2006
On Jul 17, 2006, at 8:23 AM, Greg Roelofs wrote:
> One of the problems with that approach is that patches usually
> pinpoint
> the nature of the security issue, and vendors (especially of hardware)
> may wish to have time to update customers before exposing them to the
> presumed attacks that follow widespread knowledge of the bug.
Good point. However I wonder if the whole secrecy thing really works
anyway. The zlib security vulnerabilities were posted initially on
publicly available forums.
> Will you (and by "you" I mean "zlib authors and contributors") have
> a choice?
We will not be using the current LZMA SDK. We will be working with
Igor on the code and license we will actually be using in zlib.
> I think you need to be a little careful about the ramifications.
Indeed. I expect that these sort of discussions will be more work
than the actual development and integration of the code ...
mark
More information about the Zlib-devel
mailing list