On Tue, Sep 13, 2016 at 12:02 PM, Daniel Bünzli <[email protected]> wrote: > Frankly simply don't use the wrong tools; I don't claim there are no bugs in > jsonm but at least it doesn't try to be insecure by design.
I still don't think you've demonstrated insecurity (except perhaps your own). > I think that if you are implementing security infrastructure you should be > careful about these details; as far as I'm concerned not doing so casts some > doubts on your ability to actually implement these things. I think the author of the library might like to understand more about why you think this might be a problem so that they can correct it. Telling them is certainly more effective (and socially responsible) than spreading FUD on an unrelated mailing list. _______________________________________________ opam-devel mailing list [email protected] http://lists.ocaml.org/listinfo/opam-devel
