Hi Dumitru,

Dumitru Moldovan wrote on Tue, May 07, 2019 at 05:33:20PM +0300:
> On Sun, May 05, 2019 at 05:05:11PM +0200, Ingo Schwarze wrote:
>> Consus wrote on Fri, May 03, 2019 at 02:24:10PM +0300:

>>> Maybe it's a good idea to note this on the upgrade page? Something like
>>> "the upgrade procedure may leave some files behind; you can manually
>>> clean them up using sysclean package"?

>> For example, it is definitely useful to remove stale Perl libraries.
>> It is also useful for stale header files if you compile software
>> from source.  It is useful (but not terribly important) for stale
>> manual pages.  It is usually detrimental for old versions of shared
>> libraries, unless you are *really* short on disk space (which is getting
>> less common nowadays) *and* you are very careful.
>>
>> For most use cases, we do not recommend using sysclean.

> I think there's a less common scenario not covered in this thread.
> Suppose you have locally-compiled binaries, linked to previous versions
> of libraries, belonging to an older version of the OS.  Those libs will
> never get patched after you upgrade, so any vulnerabilities they expose
> will remain exploitable in the binaries linked to them.

That is indeed true, and an important observation.

When you compile programs locally (as opposed to using packages),
special care is needed to keep them up to date.  The operating
system cannot do that for you, neither with nor without sysclean.

Yours,
  Ingo
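
Added example, not part of the original thread: one way to find locally compiled binaries that still load a shared library older than the newest version installed in the same directory. It assumes ldd output with a "binary:" header line followed by rows ending in the object path; the function names, paths and version numbers are constructed for illustration.

```sh
#!/bin/sh
# stale_links INSTALLED LDD_OUT
#   INSTALLED: one library path per line, e.g. from
#              ls /usr/lib/lib*.so.* /usr/local/lib/lib*.so.*
#   LDD_OUT:   concatenated ldd output for the local binaries (assumed layout:
#              a "binary:" header line, then rows ending in the object path)
# Prints "binary<TAB>linked library<TAB>newest installed" for every binary
# that loads a libNAME.so.MAJOR.MINOR older than the newest in that directory.
stale_links() {
    awk '
    # Set globals key/major/minor from /dir/libNAME.so.MAJOR.MINOR; 0 if no match.
    function parse(path,    n, parts) {
        if (path !~ /\.so\.[0-9]+\.[0-9]+$/) return 0
        n = split(path, parts, "[.]")
        major = parts[n - 1] + 0; minor = parts[n] + 0
        key = path; sub(/\.[0-9]+\.[0-9]+$/, "", key)
        return 1
    }
    # True when version a.b is higher than version c.d.
    function newer(a, b, c, d) { return a > c || (a == c && b > d) }
    FNR == NR {                                  # first file: installed libraries
        if (parse($1) && (!(key in maj) || newer(major, minor, maj[key], mnr[key]))) {
            maj[key] = major; mnr[key] = minor; newest[key] = $1
        }
        next
    }
    /:$/ { bin = $1; sub(/:$/, "", bin); next }  # "binary:" header line
    parse($NF) && (key in maj) {                 # a loaded shared library
        if (newer(maj[key], mnr[key], major, minor))
            printf "%s\t%s\t%s\n", bin, $NF, newest[key]
    }
    ' "$1" "$2"
}

# Constructed sample data: two local binaries, one linked to an old libc.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' /usr/lib/libc.so.92.5 /usr/lib/libc.so.95.0 \
        /usr/local/lib/libfoo.so.1.0 > "$d/installed"
    cat > "$d/ldd" <<'EOF'
/usr/local/bin/oldtool:
    0000000000001000 0000000000002000 exe   1 0 0 /usr/local/bin/oldtool
    0000000000003000 0000000000004000 rlib  0 1 0 /usr/lib/libc.so.92.5
/usr/local/bin/newtool:
    0000000000001000 0000000000002000 exe   1 0 0 /usr/local/bin/newtool
    0000000000003000 0000000000004000 rlib  0 1 0 /usr/lib/libc.so.95.0
    0000000000005000 0000000000006000 rlib  0 1 0 /usr/local/lib/libfoo.so.1.0
EOF
    stale_links "$d/installed" "$d/ldd"; rm -rf "$d"
}
demo
```

A binary reported here needs to be rebuilt against the current library; deleting the old library instead would only stop the binary from running.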
