2018-08-18 15:56 GMT+02:00 DF8OE <df...@gmx.de>:
> Package: appstream
> Version: 0.12.2-1
> Severity: normal
>
> Dear Maintainer,
>
> I think it is a very bad idea to set this package to the dependency of gnome.
Please inform yourself about what the purpose of certain system
components is before making requests like this.
AppStream is required for GNOME Software and system firmware updates to work.
> Reason: you can bypass software from dubious sources to apt.
That is not what happens - all data handled comes directly from
Debian, no other sources are involved, especially not "dubious" ones,
unless the user has added them on their own.
> I think this is not the
> intention of DEBIAN. State of package should be set to "suggested" - maximum.
> Using this
> package you open security holes on your system.
> [...]
There are no known security vulnerabilities in appstream. Dependencies
are required to make the OS work correctly.
If you don't want AppStream, remove gnome-software, fwupd, isenkram, etc.
Closing.
Regards,
Matthias
--
I welcome VSRE emails. See http://vsre.info/
