On Wed, 25 May 2016 12:08:12 +0200, Florian Zieboll wrote:
> On Tue, 24 May 2016 23:07:33 +0200
> Irrwahn <irrw...@freenet.de> wrote:
>
>> In my humble opinion a quality distribution like Devuan
>> should not show a potential weakness at such a crucial
>> spot by shipping a package in questionable condition.
>
>
> Hello Irrwahn,
>
> in an earlier mail you wrote regarding slim:
>
> | Subject: Re: [DNG] How to change default session
> | Date: Mon, 23 May 2016 23:14:11 +0200
> |
> | (...) plus there were some other more severe problems with it (if
> | my memory serves me right
>
> Can you elaborate on this?

One specific thing I recall is slim leaking memory on each login
cycle. That might not sound dramatic per se (given the amount of
RAM present in even tiny machines today), but in my experience it is
usually the symptom of an underlying more severe problem or design
flaw. And, it can very well be used as an attack vector.

> I remember strange behavior on my PC (random
> swallowing of approx. 30-50% of the characters typed on tty1 => login
> ~impossible on tty1) a few years ago, definitely related to slim. IIRC,
> at that time probably somewhat paranoid me didn't troubleshoot (besides
> the usual websearch magic) this any further but quietly switched over to
> lightdm to avoid going even more crazy ;)
>
> This is not meant to be about retroactively solving a no longer
> reproducible bug, just my two trade beads worth of objective experience
> with slim, plus some curiosity.

Just out of curiosity, I downloaded the slim source package and
built the poor thing. Now I wish I had not, because compiler
diagnostics like that:

  /tmp/slim-1.3.6/app.cpp:478:26: warning: ‘pw’ may be used uninitialized in this function [-Wmaybe-uninitialized]
     correct = pw->pw_passwd;

are not exactly what I call confidence-inspiring. And definitely
not something I want to see while building a login manager!

Sure, it *could* be just the usual gcc noise, but to tell, one
would have to dig in the code and confirm. And then *bloody* *fix*
it, for Ritchie's sake, and be it only to silence a gratuitous
warning to make life easier for the next person to build the thing!

Sorry for getting all worked up, but things like that really
irritate me. What trust shall I put in an author who doesn't even
seem to care, when the compiler already has him by the balls?

Regards
Urban