[packman] Re (OT): Moving xmms from Essentials somewhere else

Martin Herkt lachs0r at srsfckn.biz
Thu Dec 31 08:05:14 CET 2015


(Incoming blogging, not relevant to discussion)

On Friday 18 December 2015 17:31:57 Tomáš Chvátal wrote:
> things like gtk1 and libxml1 that are quite expected to have
> security vulnerabilities.
> b) move it to some xmms repository to not let people on essentials
> accidentally install some sec hole.

Like accidentally installing X.org? If you run X11 clients, you pretty much 
hand control over your session to them, at the very least. Protocol flaws, 
implementation flaws and driver bugs all come together to play here, and it’s 
far worse than it seems. I routinely bump into all three of them, and in some 
cases it’s really, really hard to get upstream to fix them. There are many 
more attractive attack vectors on typical Linux desktops than ancient, 
unmaintained software that is used by very few people. For example, things 
like WebGL being enabled by default make my skin crawl, knowing what kind of 
code is involved and having experienced driver bugs triggered by that.

Not that I’m against this; I totally agree with (re)moving very old and 
unmaintained software.

I just couldn’t shut up about this, so here are my 2 cents :)