Quoting John Paul Adrian Glaubitz (2015-06-20 12:56:56) > On 06/20/2015 07:51 PM, Jonas Smedegaard wrote: >>> Installing cmus on a newly installed system will therefore install >>> libdnet as a transitive dependency >> >> Agreed cmus pulls in the _library_ for dnet. > > Which is unmaintained upstream and in Debian, see: > >> https://packages.qa.debian.org/d/dnprogs.html > > I think we can agree that is preferable not to have network stacks in > Debian which are no longer actively maintained as they pose a possible > security risk.
I think we can both agree that using cmus imposes a higher security risk than using a simpler music player with fewer dependencies and thus fewer overall lines of code potentially containing flaws. Please file bugreports regarding security flaws of DECnet packages against those DECnet packages, *not* their reverse dependencies! - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature