[Pkg-sugar-devel] Bug#813258: Bug#813258: sugar-record-activity: Should sugar-record-activity be removed?

Tony Anderson tony_anderson at usa.net
Mon Feb 1 00:51:41 UTC 2016


Hi, James

Zero-day vulnerabilities, as I understand it, are vulnerabilities not 
known except to the exploiters. That has been true
since day one. The antivirus folks can only protect us against a virus 
that has been released (although some have taken
a positive approach of trying to recognize patterns of exploit).

So this hypothetical list of zero-day vulnerabilities cannot be 
reduced, by definition, until the exploit is made.

Luckily, XO deployments often have no connection to the internet and so 
are automatically protected against most
exploits.

My concern is that Debian Sugar would become less capable on standard 
laptops without Record. The implication is that
to keep Record in Debian Sugar, someone must drop whatever they are 
doing and undertake to port Record to GTK+3, even
though Record is fully functional and not known to be open to any 
exploit. This is the Microsoft formula to force users to buy
new licenses.

Naturally, on any XO, Sugar is based on 32-bit Fedora. This is unlikely 
to change in the foreseeable future. Actually, I suspect the
majority of XOs are still running 0.82.

Tony

On 02/01/2016 08:22 AM, James Cameron wrote:
> On Mon, Feb 01, 2016 at 08:11:35AM +0800, Tony Anderson wrote:
>> How does code over time become dangerous?
> The list of zero-day vulnerabilities increases with no work being done
> to decrease the list.
>
>> The real problem is that gstreamer 1 requires the installation of
>> the complete bad and ugly libraries where gstreamer 0.1 allowed the
>> specific codecs to be installed (this is important for an XO-1 with
>> 1GB total storage).
> (a) while that's true on Fedora, I don't think this is true on Debian,
> judging by a quick look through packages.debian.org, and this thread
> is only talking about Debian,
>
> (b) you probably won't have to worry about this with the XO-1; there's
> not enough interest in Debian on the XO-1 for it to be practical as a
> basis for running Sugar, and without Sugar there's no point worrying
> about the Record activity.
>



