On 2011-10-05 at 09:25 +0100, Jethro R Binks wrote:
> If not, I'd say it's worth noting the non-issue on a developer webpage/wiki,
> so the next time someone asks (or someone casually reviewing the code
> starts raving about not using strlcpy etc) they can be directed to it.
> There is a current brief related comment in the Exim spec, but you
> probably wouldn't come across it unless you were looking hard.

If someone claims to be doing a security review and tries to tell us
what to do but does not read the "Security considerations" section of
the Specification, then I laugh at them. Not with them. At them.
Then I go about my day.
-Phil, not a nice man sometimes