(Incoming blogging, not relevant to discussion)

On Friday 18 December 2015 17:31:57 Tomáš Chvátal wrote:
> things like gtk1 and libxml1 that are quite expected to have
> security vulnerabilities.
> b) move it to some xmms repository to not let people on essentials
> accidentally install some sec hole.

Like accidentally installing X.org? If you run X11 clients, you pretty much 
hand control over your session to them, at the very least. Protocol flaws, 
implementation flaws and driver bugs all come together to play here, and it’s 
far worse than it seems. I routinely bump into all three of them, and in some 
cases it’s really, really hard to get upstream to fix them. There are many 
more attractive attack vectors on typical Linux desktops than ancient, 
unmaintained software that is used by very few people. For example, things 
like WebGL being enabled by default make my skin crawl, knowing what kind of 
code is involved and having experienced driver bugs triggered by that.

Not that I’m against this; I totally agree with (re)moving very old and 
unmaintained software.

I just couldn’t shut up about this, so here are my 2 cents :)


_______________________________________________
Packman mailing list
[email protected]
http://lists.links2linux.de/cgi-bin/mailman/listinfo/packman