Irrwahn wrote:
> To the Devs in charge, and to whom it may concern.
>
> I just filed an issue against the Devuan slim package,
> requesting its removal from future Devuan releases.
Hi Urban,
Thanks for writing this up and posting it.
I have no stake, not using slim myself, however
I did want to respond.
> -------------------------------------------------------------
>
>
> Request for Removal of slim package from Devuan
>
> I hereby request that the slim package, containing the SLiM
> Simple Login Manager, be removed from future releases of Devuan,
> at least from the Jessie and testing suites. It may have its place
> in unstable for the time being.
>
> The reasoning that leads to this appeal is as follows:
>
> 1. It has no upstream.
> The project has evidently been abandoned, the homepage was
> taken off the web, leaving behind a stale github mirror that
> as of today carries only a README file dated from 2016-04-12,
> containing the following information, verbatim quote:
> "Note: This repository was used as backup source and is no
> longer maintained." [1]
What is the most recent update, besides the README?
Okay, I checked the referred link, Sep. 30, 2013.
Probably there are other, better maintained window managers.
A list of Devuan preferred WMs may be better than simply
removing this one.
> 2. SLiM has various apparent issues, notably:
> * not playing nice with X session managers
> * being unable to preserve the last chosen session between logins
> * it is a nuisance to provide user support for
Not strong arguments, in my opinion.
* Not everyone uses X session managers.
* Most window manager logins do not offer out-of-the-box for
maintaining previous session details.
* OPs posted difficulties may not inconvenience all users
> 3. It has already been removed from Debian testing and unstable (sic!).
> There is reason to suspect it would have been removed from Debian 8,
> were it not for the early Jessie freeze on 2014-11-05.
>
> 4. The Devuan package appears orphaned, the code has not been touched
> for about a year. Considering its upstream is no longer maintained
> either, the package might impose a security risk not tenable for a
> stable release.
We can suppose that isn't much research to find and exploit buffer overruns
in software except for default applications in major
applications used as defaults on major distributions and
operating systems.
Cheers,
> [1] Cf. https://github.com/data-modul/slim
--
Joel Roth