Fedora Might Start Dropping Packages With Consistently Bad Security Records

  • Fedora Might Start Dropping Packages With Consistently Bad Security Records

    Phoronix: Fedora Might Start Dropping Packages With Consistently Bad Security Records

    Fedora's Engineering and Steering Committee is mulling over the idea of dropping software packages from the distribution that have notoriously bad security track records...

    http://www.phoronix.com/scan.php?pag...rious-Sec-Pkgs

  • #2
    Well I guess they had to drop X.org sometime.

    • #3
      What's a Linux distro without the Linux kernel? Yea, you know what I'm implying.

      • #4
        And yet Fedora still keeps security-riddled GStreamer releases in their repo but yet talks about doing this? I'll believe it when I see it actually done. As much as I don't like Trump, maybe Fedora should get Trump to get rid of them? He ain't done a bad job of getting rid of other shit

        • #5
          Oh good, how soon do they plan to remove Gnome Shell then? Or xorg? Or mono? Or -every- web browser?

          EDIT: The point I'm making is that they just made a blanket statement that they cannot possibly achieve, or else they would not have a functional repository.

          • #6
            How about you let me install whatever I want and as much as I want? Fedora needs more packages, not less.

            • #7
              Originally posted by duby229
              Or -every- web browser?
              When Fedora drops Chromium (new high-severity security bugs are found in each release), I guess they can also throw out the bundled software exception which was introduced specifically for that browser. Making their users more secure in the process.

              • #8
                Originally posted by duby229
                Oh good, how soon do they plan to remove Gnome Shell then? Or xorg? Or mono? Or -every- web browser?

                EDIT: The point I'm making is that they just made a blanket statement that they cannot possibly achieve, or else they would not have a functional repository.
                That doesn't make much sense. You cannot read every proposal made to the project as a statement by the project. Anyone is allowed to file a ticket with a proposal at any time.

                • #9
                  Originally posted by RahulSundaram
                  That doesn't make much sense. You cannot read every proposal made to the project as a statement by the project. Anyone is allowed to file a ticket with a proposal at any time.
                  Well most people think open source projects are a hive mind. Unfortunately, this includes Michael in many cases, or maybe he just does it for clickbaits (can't blame him there, he needs that ad revenue).

                  • #10
                    I think it would be better for their users to keep the vulnerable packages, but inform the users of current and historical vulnerabilities. This means the user still has the choice.

                    Their software centre program could provide this information.

                    For command line packages they could encode an extra field in the package labelled something like 'vulnerable'. If it is true, it would require the user to interactively confirm installation (having seen a warning) or non-interactively pass in a switch like '--allow-vulnerable-packages'.
