Daniel Gustafsson

Could it be that `gss_display_status()` returns an error and the `status_string.value` member is a null pointer? `gss_release_buffer` will have reset the value at this point so perhaps we need to...

> I don't prefer the repurpose, I think it is confusing that 1 would not mean set to size 1 I agree with @jay, since the current option takes a...

> How do we proceed here? Are there open questions? It's probably a "niche feature", but it may be worth implementing. It's clearly a niche feature, but we have such...

I see the same errors in my packaging pipeline, and I can verify that 04ff38b fixes the `test_show` failure.

As the fix is in postgres, I guess the full test suite will be fixed when 15.1 ships.

> .. or "This bug is a security issue and may go unnoticed". For bugs that are found to be security issues I think the [security process](https://github.com/curl/curl/blob/master/docs/SECURITY-PROCESS.md) already has wording...

> There exists one more variant: `explicit_memset`: Interesting, we even use it in the code for the NetBSD bug (which is active for NetBSD < 9 but explicit_memset is only...

> In libssh2 the wrapper for all the variants is a macro. It has the advantage to inline the native Windows call (and maybe others if they have a similar...

One more TODO is to move clearing of values to when they're no longer needed and not just before the `free` call.

> I would think the secrets are probably still in memory somewhere. I'd want to hear from some security experts to know whether this is really worth it for us...