On Wed, Aug 29, 2001 at 07:58:52AM -0500, Kelly Martin wrote: > In my opinion, a library which crashes when fed inappropriate external > data is buggy by definition. Let's be more specific: Does the GTK+ UTF8 implementation meet the requirements for security purposes laid down in Unicode 3.0.1 and later ? How about other security considerations? Please don't reply with a cop out like "The application has to handle this", that's equivalent to saying "We needn't fix the bug because there's a known workaround". Conservative implementation is essential here for robustness AND security. Nick.
