Bug#789256: cmus: Pulls in unwanted and potentially dangerous DECnet packages through libroar2
dr at jones.dk
Sat Jun 20 18:42:56 UTC 2015
Quoting John Paul Adrian Glaubitz (2015-06-20 12:56:56)
> On 06/20/2015 07:51 PM, Jonas Smedegaard wrote:
>>> Installing cmus on a newly installed system will therefore install
>>> libdnet as a transitive dependency
>> Agreed cmus pulls in the _library_ for dnet.
> Which is unmaintained upstream and in Debian, see:
> I think we can agree that it is preferable not to have network stacks in
> Debian which are no longer actively maintained as they pose a possible
> security risk.
I think we can both agree that using cmus imposes a higher security risk
than using a simpler music player with fewer dependencies and thus fewer
overall lines of code potentially containing flaws.
Please file bug reports regarding security flaws of DECnet packages
against those DECnet packages, *not* their reverse dependencies!
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private