On Tue, 24 May 2016 10:36:40 -1000, Joel Roth wrote:
> Irrwahn wrote:
[...]
>> 4. The Devuan package appears orphaned, the code has not been touched 
>>    for about a year. Considering its upstream is no longer maintained 
>>    either, the package might impose a security risk not tenable for a 
>>    stable release.
> 
> We can suppose that there isn't much research to find and exploit buffer overruns
> in software except for default applications in major
> applications used as defaults on major distributions and
> operating systems.

Thank you for your input, Joel.

I would never have beaten the drum, if it was just any 
old application to be run by a user. But a login manager 
is IMNSHO a different kettle of fish. While not exactly 
at the heart of an OS (like e.g. the init system), it is 
nonetheless usually run under the root account, and is 
the first point of user interaction after starting up 
the system.

In my humble opinion a quality distribution like Devuan 
should not show a potential weakness at such a crucial 
spot by shipping a package in questionable condition. 

I admit freely I took action in such a drastic form in 
the hope to attract the attention of potential future 
maintainers willing to take over the task of saving the 
package from falling into total oblivion. The gear that 
squeaks the loudest ... you know the saying.

Regards
Urban
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
