Originally posted by wizard69
View Post
-
Nobody forces you to install "unmaintained" apps if you don't want to. Yet you think it's a good idea to prevent anyone, even those who don't care, from doing so. Funny. -
Exactly. One reason I have told people in the past to avoid Internet Explorer, Adobe Reader and Adobe Flash, is not because there are frequently security vulnerabilities found in this software (there are), but because the vendor is often very slow to fix those vulnerabilities. Conversely, I often recommend Firefox even though there is a constant stream of vulnerabilities found, because Mozilla are reasonably quick to fix those vulnerabilities.Originally posted by wizard69 View Post
Leave a comment:
-
problem with that, PREVIOUS packagers ARE LEAVING THE dISTRO, EITHER TO ANOTHER dISTRO OR JUST NOT ENOUGH TIME ANYMORE, PEOPLE HAVE REAL paying JOBS SO THAT COMES FIRST BEFORE free open Source STUFF DOES which is probably why FlatPak has been introduced so people dont have to wait for Package Maintainers to update the PackageOriginally posted by cen1 View PostLeave a comment:
-
in my mind im thinking what took so long! This is somethinh i expect fro a distro
The key here is the lack of maintenance. If an app is no longer supported in a timely manner it is a security risk.Originally posted by duby229 View Post
What blanket statement? Nothing of the sort was stated.EDIT: The point I'm making is that they just made a blanket statement that they cannot possibly achieve,
Baloney! There is a huge difference between code that is actively maintained vs code no longer supportted.or else they would not have functional repository.
There seems to be some negativity here in this thread but frankly this is what i expect out of a distro and that is at least some attention to security. By the say this doesnt stop anybody from installing dodgy code themselves. It does make you responsible for security breached and questionable code.
In the end we might lose a handful of apps which is a small price to pay to get decent auditting.
Leave a comment:
-
Essentially this mechanism already exists. It's already used for non-free software. rpmfusion is the standard repository for non-free software that Fedora users want to use. Adding a repository to enable access to unmaintained software seems to be a reasonable approach.Originally posted by cybertraveler View Post
Leave a comment:
-
I think it would be better for their users to keep the vulnerable packages, but inform the users of current and historical vulnerabilities. This means the user still has the choice.
Their software centre program could provide this information.
For command line packages they could encode an extra field in the package labelled something like 'vulnerable'. If it is true, it would require the user to interactively confirm installation (having seen a warning) or non-interactively pass in a switch like '--allow-vulnerable-packages'.
Leave a comment:
-
That doesn't make much sense. You cannot read every proposal made to the project as a statement by the project. Anyone is allowed to file a ticket with a proposal at any time.Originally posted by duby229 View Post
Leave a comment:
-
When Fedora drops Chromium (new high-severity security bugs are found in each release), I guess they can also throw out the bundled software exception which was introduced specifically for that browser. Making their users more secure in the process.Originally posted by duby229 View Post
Leave a comment:
-
How about you let me install whatever I want and as much as I want? Fedora needs more packages, not less.Leave a comment:
Leave a comment: