Announcement

Collapse
No announcement yet.

Fedora Might Start Dropping Packages With Consistently Bad Security Records

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by cybertraveler View Post
    I think it would be better for their users to keep the vulnerable packages, but...
    Essentially this mechanism already exists. It's already used for non-free software. rpmfusion is the standard repository for non-free software that Fedora users want to use. Adding a repository to enable access to unmaintained software seems to be a reasonable approach.

    Comment


    • #12
      in my mind im thinking what took so long! This is somethinh i expect fro a distro


      Originally posted by duby229 View Post
      Oh good, how soon do they plan to remove Gnome Shell then? Or xorg? Or mono? Or -every- web browser?
      The key here is the lack of maintenance. If an app is no longer supported in a timely manner it is a security risk.
      EDIT: The point I'm making is that they just made a blanket statement that they cannot possibly achieve,
      What blanket statement? Nothing of the sort was stated.
      or else they would not have functional repository.
      Baloney! There is a huge difference between code that is actively maintained vs code no longer supportted.

      There seems to be some negativity here in this thread but frankly this is what i expect out of a distro and that is at least some attention to security. By the say this doesnt stop anybody from installing dodgy code themselves. It does make you responsible for security breached and questionable code.

      In the end we might lose a handful of apps which is a small price to pay to get decent auditting.

      Comment


      • #13
        Originally posted by cen1 View Post
        How about you let me install whatever I want and as much as I want? Fedora needs more packages, not less.
        problem with that, PREVIOUS packagers ARE LEAVING THE dISTRO, EITHER TO ANOTHER dISTRO OR JUST NOT ENOUGH TIME ANYMORE, PEOPLE HAVE REAL paying JOBS SO THAT COMES FIRST BEFORE free open Source STUFF DOES which is probably why FlatPak has been introduced so people dont have to wait for Package Maintainers to update the Package

        Comment


        • #14
          Originally posted by wizard69 View Post
          The key here is the lack of maintenance. If an app is no longer supported in a timely manner it is a security risk.
          Exactly. One reason I have told people in the past to avoid Internet Explorer, Adobe Reader and Adobe Flash, is not because there are frequently security vulnerabilities found in this software (there are), but because the vendor is often very slow to fix those vulnerabilities. Conversely, I often recommend Firefox even though there is a constant stream of vulnerabilities found, because Mozilla are reasonably quick to fix those vulnerabilities.

          Comment


          • #15
            Originally posted by wizard69 View Post
            In the end we might lose a handful of apps which is a small price to pay to get decent auditting.
            Nobody forces you to install "unmaintained" apps if you don't want to. Yet you think it's a good idea to prevent anyone, even those who don't care, from doing so. Funny.

            Comment

            Working...
            X