Some meta-commentary regarding this whole thing: - I've already explained my objection to the strl*() functions, so I won't repeat them again.
- I'm personally torn between Robert & Ingo's positions: I don't think sprinkling strlcpy() everywhere is the right answer, but I can't defend the MH codebase; I bet a ton of those strcpy()s are just terrible. But many times it ended up not being a huge problem in practice, so I don't think we're terrible right now. - Really, this overuse of strcpy/strcat results from our usage of fixed sized buffers. We should be switching to dynamically-allocated strings whenever possible. Fixing that means dealing with idea of who actually owns a particular memory object and is responsible for freeing it? I've been fixing up APIs I'm involved with, but it's slow going. I'd rather address these problems this way rather than do a whole audit for every instance of strcpy(). --Ken _______________________________________________ Nmh-workers mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/nmh-workers
