On 1/27/20 11:17 PM, Quanah Gibson-Mount wrote:
> --On Monday, January 27, 2020 10:45 PM +0100 Michael Ströder
> <mich...@stroeder.com> wrote:
>
>> On 1/27/20 10:19 PM, Quanah Gibson-Mount wrote:
>>> To me, frequent releases
>>> generally indicate an immature, unstable, and buggy product. ;)
>>
>> Are you being sarcastic here?
>
> No, not at all. [..] If we release every 2 weeks, but slapd core
> dumps 90% of the time, is that really better? Sure, the project
> looks more "active", but I wouldn't see that as a benefit/gain.

ITS#9124 has been known for almost two months now and there's no upstream release with a fix. (And remember that I've tested the RE24 branch, revealing that the first fix was segfaulting.)

=> The OpenLDAP project needs more continuous testing to be able to provide quicker releases in such an emergency case. Just being slower and leaving such a security issue to packagers adding back-ports is not stable (for whatever definition of "stable").

Ciao, Michael.

P.S.: And yes, cyrus-sasl is even worse by not handling CVE-2019-19906 (first filed as ITS#9123).