| 1 |
> If security bugs occur then there's two options -- fix, or remove. |
| 2 |
|
| 3 |
(Or maybe mask with message clearly indicating security issues |
| 4 |
or warn about possibly unknown security issues). |
| 5 |
|
| 6 |
I agree. But security bugs are really relevant only for a rather |
| 7 |
limited types of packages: Those which are SUID (or have caps) or |
| 8 |
automatically called by other programs and reading untrusted data: |
| 9 |
Libraries (or used as such like movie players, viewers etc), or |
| 10 |
programs tightly coupled to the net (browsers, net games, etc). |
| 11 |
|
| 12 |
So e.g., I completely agree with masking xpdf for security reasons |
| 13 |
if nobody wants to care about security issues, although this does |
| 14 |
not necessarily mean that it has to be removed from the tree. |
| 15 |
|
| 16 |
However, for all other packages I mentioned, |
| 17 |
e.g. simple games (I was not speaking about net games), |
| 18 |
security issues are not security relevant: |
| 19 |
It is really the user's fault if he feeds them untrusted data, |
| 20 |
and in this case the user's data can be harmed. This he should |
| 21 |
know in advance, anyway. |
| 22 |
|
| 23 |
Regards |
| 24 |
Martin |
Archives