Originally posted by Luke
However, I think a much better idea would be doing a clean install of either Sabayon or Gentoo. Sabayon lets you mix binary and source-based packages, so it's not that different to what you're doing already, except that it keeps both package managers in sync so that dependencies, etc. work nicely. Which you choose comes down purely to whether you want more control (Gentoo) or are happy to accept the default USE flags on most packages in exchange for not needing to compile everything (Sabayon).
Originally posted by Passso
The big downside to this is that it's a double-edged sword - when the proprietary software depends on a specific version, it's inevitably an old, out-of-date and vulnerable version. glsa-check tells me I have vulnerable versions of libpng and openssl installed, and the only package that depends on them is nvidia-drivers. (Although I suppose the silver lining here is that all the other packages are able to use the newer, secure version instead of the vulnerable one.)
Bundling libraries with packages will definitely make them easier to run, but it's going to be a nightmare in terms of security and maintainability, especially since most manufacturers aren't going to be doing new releases each time one of their libraries has a security patch.