Quoting John Paul Adrian Glaubitz (2015-06-20 12:56:56)
> On 06/20/2015 07:51 PM, Jonas Smedegaard wrote:
>>> Installing cmus on a newly installed system will therefore install 
>>> libdnet as a transitive dependency
>> 
>> Agreed cmus pulls in the _library_ for dnet.
>
> Which is unmaintained upstream and in Debian, see:
>
>> https://packages.qa.debian.org/d/dnprogs.html
>
> I think we can agree that is preferable not to have network stacks in 
> Debian which are no longer actively maintained as they pose a possible 
> security risk.

I think we can both agree that using cmus imposes a higher security risk 
than using a simpler music player with fewer dependencies and thus fewer 
overall lines of code potentially containing flaws.

Please file bugreports regarding security flaws of DECnet packages 
against those DECnet packages, *not* their reverse dependencies!


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Attachment: signature.asc
Description: signature

Reply via email to