| 1 |
On Tue, 16 Jan 2018 22:19:15 +0000 |
| 2 |
"M. J. Everitt" <m.j.everitt@×××.org> wrote: |
| 3 |
|
| 4 |
> On 16/01/18 21:56, Róbert Čerňanský wrote: |
| 5 |
> > On Tue, 16 Jan 2018 15:58:11 +0100 |
| 6 |
> > Kristian Fiskerstrand <k_f@g.o> wrote: |
| 7 |
> > |
| 8 |
> >> On 01/16/2018 03:45 PM, Aaron W. Swenson wrote: |
| 9 |
> >>> Given the situation, we have a choice: Remove GnuCash altogether, |
| 10 |
> >>> or press ahead with recommending a version upstream considers |
| 11 |
> >>> unstable. |
| 12 |
> >> Or 3, discuss with upstream to see if they can release an updated |
| 13 |
> >> version as stable branch. |
| 14 |
> > 4. Mask the vulnerable webkit-gtk. This way: A. User is informed. |
| 15 |
> > B. Manual action is required to continue using such package. |
| 16 |
> > |
| 17 |
> > I see this as the most obvious choice considering that I am still |
| 18 |
> > unable to find any possible attack vector against GnuCash. If it |
| 19 |
> > is me and only me who enters data. Webkit reports are generated |
| 20 |
> > from those data. How can anyone hack me through GnuCash? |
| 21 |
> > |
| 22 |
> > In general, many times users use applications in a way that |
| 23 |
> > vulnerabilities does not apply to their use cases. I would prefer |
| 24 |
> > to be informed and allowed to continue using such application as a |
| 25 |
> > part of the distro. |
| 26 |
> > |
| 27 |
> > Robert |
| 28 |
> > |
| 29 |
> > |
| 30 |
> Forgive my potential misunderstanding here .. but who's actively |
| 31 |
> preventing you from using GnuCash 2.6? You can take a copy locally to |
| 32 |
> /usr/local/portage so that When/If finally it gets removed from the |
| 33 |
> central package 'tree' it will run for you provided its requirements |
| 34 |
> are still met on your system ... |
| 35 |
|
| 36 |
That's correct, nobody is preventing me and I already have copies of |
| 37 |
several packages. But with each additional package Gentoo becomes less |
| 38 |
and less valuable. You can say the same thing about every package. But |
| 39 |
what would be the point of linux distribution then? |
| 40 |
|
| 41 |
I worked with assumption that there is a motivation in Gentoo to provide |
| 42 |
a value in a form of stable GnuCash and I merely presented a way which I |
| 43 |
see as most pragmatic. It allows to continue to provide that value and |
| 44 |
raises awarenes about webkit-gtk security vulnerabilities. |
| 45 |
|
| 46 |
Of course there is also a possibility that maintainters may have lost |
| 47 |
interest/motivation to maintain old webkit-gtk. Which would be normal |
| 48 |
and prefectly fine but completelly different matter than security. |
| 49 |
|
| 50 |
Robert |
| 51 |
|
| 52 |
|
| 53 |
-- |
| 54 |
Róbert Čerňanský |
| 55 |
E-mail: openhs@×××××××××.com |
| 56 |
Jabber: hs@××××××.sk |
Archives