• Arthur BesseOPM
    21 year ago

    GPA. GNU Privacy assistant.

    what makes you pick this, of all programs? just because it hasn’t had a release in four years?

    Skimming the commit log one can see it certainly has had some bugs, and given that it is written in C it is reasonable to assume it has had some security-relevant ones. (eg, i’m not certain but this commit from a few months prior to the latest release looks like it could be fixing an actually exploitable bug?)

    Currently there are 13 commits newer than the latest release. From a quick glance none appear to be obviously fixing security bugs (i guess there will be a new release when they next find some) but there are actually as-yet unreleased commits there fixing bugs… such as this one, made two days after the last release, which fixes searching being left-anchored.

    • @sagar@beehaw.org
      11 year ago

      I get it that programs would be big and have bugs. The Minix creator said that, irrespective of language, there has typically been found 1 bug per 1000 LoC. I believe that bug-free software is certainly possible. I have my hopes in microkernels with less than 15k LOC, and software made by suckless. Updates provide a psychological reward that, wow, my software is better now, but I don’t think such a thing is possible. If for a minimal software like dwm, st, with no unnecessary features, it could be bug free with zero bugs.