> On Thu, Nov 08, 2007 at 06:39:45AM -0500, Ken Murchison wrote: > >> That's friggin' great! We can't exactly force people to have a >> particular version of glibc just to run Cyrus 2.3.10. Either we need to >> come up with something that will run on all systems, or I'll be inclined >> to remove the getgrouplist() code. > > A quick search shows that at least Redhat, Mandrake and Gentoo issued > security updates for this bug in Nov 2003; I'm pretty sure all other > distros did the same. I do not think it is worth worrying about people > who have not installed a security update for 4 years... It may not be worth for you to worry about it but it is worth for me and maybe also for Ken. People using my RPMs expect things to work. And people do use it on affected systems and they fill my mailbox or the list with complaints if Cyrus segfaults for them. Simon ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html