:: Re: [DNG] Request for Removal of sl…
Góra strony
Delete this message
Reply to this message
Autor: Irrwahn
Data:  
Dla: dng
Temat: Re: [DNG] Request for Removal of slim package from Devuan
On Tue, 24 May 2016 10:36:40 -1000, Joel Roth wrote:
> Irrwahn wrote:

[...]
>> 4. The Devuan package appears orphaned, the code has not been touched 
>>    for about a year. Considering its upstream is no longer maintained 
>>    either, the package might impose a security risk not tenable for a 
>>    stable release.

>
> We can suppose that isn't much research to find and exploit buffer overruns
> in software except for default applications in major
> applications used as defaults on major distributions and
> operating systems.


Thank you for your input, Joel.

I would never have beaten the drum, if it was just any
old application to be run by a user. But a login manager
is IMNSHO a different kettle of fish. While not exactly
at the heart of an OS (like e.g. the init system), it is
nonetheless usually run under the root account, and is
the first point of user interaction after starting up
the system.

In my humble opinion a quality distribution like Devuan
should not show a potential weakness at such a crucial
spot by shipping a package in questionable condition.

I admit freely I took action in such a drastic form in
the hope to attract the attention of potential future
maintainers willing to take over the task of saving the
package from falling into total oblivion. The gear that
squeaks the loudest ... you know the saying.

Regards
Urban