On Tue, 03 Dec 2013, Josselin Mouette wrote: > Le lundi 02 décembre 2013 à 13:41 -0700, Bdale Garbee a écrit : > > Josselin Mouette <j...@debian.org> writes: > > > > > There are two implied assumptions here: > > > * that the same people are developing all components; > > > * that develolpers have the same attention to code quality and > > > security in all components they work on. > > > > > > I don’t think either of them applies to systemd. > > > > Right, this succinctly captures one of my biggest concerns about systemd. > > Could you please elaborate on this concern? Is it about the large number > of developers, or about the fact they treat important pieces of code > more carefully?
Projects which have multiple components, each of which has different security/interface surfaces without stable defined interfaces, can lead to problems when one set of developers doesn't understand the security implications of the parts that they do not work on. The combination of components into a single monolith is sometimes necessary, but it's not clear that it is so in the case of systemd. -- Don Armstrong http://www.donarmstrong.com THERE IS NO GRAVITY THE WORLD SUCKS -- Vietnam War Penquin Lighter http://gallery.donarmstrong.com/clippings/vietnam_there_is_no_gravity.jpg -- To UNSUBSCRIBE, email to debian-ctte-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131202233232.gn4...@rzlab.ucr.edu
