> I see one unsubstantiated allegation about PG intermixed with a ton
> of content-free navel-gazing. Don't waste my time.

For instance, when I submitted patches for fulltextindex 7.2 it freely used
unchecked sprintf's everywhere. Even now I'm not sure what'll happen if a
malicious user really tried to crash it. Anyway, who cares about printfs
when stuff like select cash_out(2) is documented?

> I have no doubt that some problems remain (cf recent agonizing over
> whether there is a buffer overrun problem in the date parser) ...
> but unspecific rumors don't help anyone. As always, the best form of
> criticism is a diff -c patch.

Maybe we could form a bunch of people on this list interested in checking
for security issues and fixing them. I'd be in, time be willing...

Chris