Hi there, On Tue, 20 Jan 2026, [email protected] wrote:
G.W. Haywood wrote ... on Monday, January 19, 2026: > ... the new version of rsync-bpc does away with the bundled zlib > and popt code, ... How about an option to use either bundled or system copies?
That option has been available for many years. Having known vulnerable code in there is an issue for many people, even if using it is optional. In December I spent a fair chunk of time removing the option and the code. I don't plan to put it back. My time is spread thinly enough as it is. When people have systems compromised, I don't want to be the one who has to explain to them what they should have read before using some old code that I'd left lying around.
Sometimes the system may have older or more stale versions than latest backuppc (particularly on old servers that are no longer being actively updated)
True, but the old code is still available in a number of places. This just means that in the future you'll have to make a conscious decision and work a little harder to get it - and that if there are problems as a result, they are *entirely* down to you. The theory is that as a result of removing stale code from the repo there will be fewer CVEs that mention "BackupPC", more people will be able to tick more boxes, and so more data will get safely backed up. -- 73, Ged. _______________________________________________ BackupPC-users mailing list [email protected] List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: https://github.com/backuppc/backuppc/wiki Project: https://backuppc.github.io/backuppc/
