|
Boost : |
Subject: Re: [boost] [serialization] boost 1.45. I did not find any information about serios flaw in 1.44
From: Matt Chambers (matt.chambers42_at_[hidden])
Date: 2010-11-22 09:35:01
On 11/21/2010 11:25 PM, Sergey Voropaev wrote:
> I am reporter of bug #4660 (https://svn.boost.org/trac/boost/ticket/4660). I am
> glad this bug was fixed in 1.45 version. But I did not find any information in
> release notes (http://www.boost.org/users/download/version_1_45_0) and in
> library documentation
> (http://www.boost.org/doc/libs/1_45_0/libs/serialization/doc/index.html) about
> what was fixed in 1.44 version. There are not any recommendations or comments
> about using version 1.44 with binary archives.
> I think that the absence of such information is very dangerous for the future of
> the serialization library, since this is a serious indicator of the quality of
> maintenance of the library. (I have no complaints about the quality of the
> library and its design)
> Should I reopen this bug, or open a new one, or this letter would be sufficient
> to restore order to the documentation of serialization library?
I just read up on this issue and I agree with Sergey that users of or potential
upgraders to 1.44 must be warned about this bug. This is particularly dangerous
for users of system-distributed boost. At the very least, the "News" section on
boost.org should mention serialization as updated (preferably with some kind of
emphasis, like red text) and the release notes in both 1.44 and 1.45 should be
amended as well (again, with emphasis). And I didn't actually look at the code
fix, but was it done in a way that both <1.44 and 1.44 archive compatibility was
maintained? I.e. check one byte to see if it's 6, if not read the next byte
(which will break at version 1537 if I'm thinking straight). By that time the
hack can be removed since anybody still using 1.44 can safely be slapped. ;)
-Matt
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk