:: Re: [DNG] Request for Removal of sl…
Top Page
Delete this message
Reply to this message
Author: Irrwahn
Date:  
To: dng
Subject: Re: [DNG] Request for Removal of slim package from Devuan
On Tue, 24 May 2016 10:36:40 -1000, Joel Roth wrote:
> Irrwahn wrote:

[...]
>> 4. The Devuan package appears orphaned, the code has not been touched 
>>    for about a year. Considering its upstream is no longer maintained 
>>    either, the package might impose a security risk not tenable for a 
>>    stable release.

>
> We can suppose that isn't much research to find and exploit buffer overruns
> in software except for default applications in major
> applications used as defaults on major distributions and
> operating systems.


Thank you for your input, Joel.

I would never have beaten the drum, if it was just any
old application to be run by a user. But a login manager
is IMNSHO a different kettle of fish. While not exactly
at the heart of an OS (like e.g. the init system), it is
nonetheless usually run under the root account, and is
the first point of user interaction after starting up
the system.

In my humble opinion a quality distribution like Devuan
should not show a potential weakness at such a crucial
spot by shipping a package in questionable condition.

I admit freely I took action in such a drastic form in
the hope to attract the attention of potential future
maintainers willing to take over the task of saving the
package from falling into total oblivion. The gear that
squeaks the loudest ... you know the saying.

Regards
Urban