[Contribution] How-to follow-up on patches

[Tom Yu]

Julien Chaffraix <julien.chaffraix at gmail.com> writes:

> I filed ticket 6800
> (http://krbdev.mit.edu/rt/Ticket/Display.html?id=6800) quite some time
> ago and I haven't heard about it. I was wondering what the proper way
> for contributing patches back to kerberos? What are the steps I can do
> to ensure a better follow-up on the changes I submit?

Thank you for your bug report.  Filing a ticket, as you have done, is
the best way to submit a patch.  Discussion of development topics for
MIT Kerberos takes place on the krbdev at mit.edu list, which you should
consider joining if you would like to contribute to our development
efforts on an ongoing basis.  You may send to krbcore at mit.edu if you
need to reach the core team directly for some reason.

As you may be aware, patches for memory leaks (such as in the bug
report you submitted) take extra effort to review because the
consequences of an incorrect patch for a memory leak include elevating
the risk from a slow denial of service to a remote code execution
vulnerability.

Our resources are limited, so we are often focusing on higher-priority
tasks.  If there are some reasons why we should elevate the priority
of a bug report, please let us know what they are (preferably by
replying to the auto-response message you received on ticket creation,
so that the message gets tracked) so we can reevaluate.

I am working on improving our processes so that we can review
contributed patches and bug reports more efficiently.

-- 
Tom Yu
Development Team Leader
MIT Kerberos Consortium