> If security bugs occur then there's two options -- fix, or remove.

(Or maybe mask with message clearly indicating security issues
or warn about possibly unknown security issues).

I agree. But security bugs are really relevant only for rather
limited types of packages: Those which are SUID (or have caps) or
automatically called by other programs and reading untrusted data:
Libraries (or used as such like movie players, viewers etc), or
programs tightly coupled to the net (browsers, net games, etc).

So e.g., I completely agree with masking xpdf for security reasons
if nobody wants to care about security issues, although this does
not necessarily mean that it has to be removed from the tree.

However, for all other packages I mentioned,
e.g. simple games (I was not speaking about net games),
security issues are not security relevant:
It is really the user's fault if he feeds them untrusted data,
and in this case the user's data can be harmed. This he should
know in advance, anyway.

Regards
Martin