Дана 26/03/01 06:22PM, Gimmi написа:
> While I agree on that for new functions (if the tool is fine as it is, why
> touch it?), it is also true that if a security vulnerability is discovered
> in unmaintained software it is probable that it will not be patched. Someone
> can create a fork of uMatrix, but it will not be uMatrix: good luck getting
> the word out!
[...]
> [...]However, I would be much more relieved if the uMatrix
> repository were never been archived, so that more people would use it and
> possibly discover bugs or security vulnerabilities.
I think such mistrust is unfounded. Those who care about privacy on the
web already know about uMatrix, or can easily find out about it. Those
who know about uMatrix will also know to install the "archived"
version, and only that version.
> Neither the clock nor the drawer can receive remote commands because of
> unintended flaws in their programming.
Neither can uMatrix, because it doesn't include constant "updates"
(unlike uBlock Origin and other addons reliant on remote
{black,white}lists).
> If uMatrix wasn't included in a browser or intended to read external files,
> the fact that it is unmaintained wouldn't be a problem.
It isn't "included in the browser", and the only files it reads and
writes are the local configuration files readable and writable by the
user. If those are compromised, the user has bigger issue on hand, and
not one caused by uMatrix itself.
