On Fri, Jan 28, 2022 at 3:04 PM Robbie Harwood <rharwood@xxxxxxxxxx> wrote: > > Adam Williamson <adamwill@xxxxxxxxxxxxxxxxx> writes: > > > ...and yet despite being so easy to review it somehow had a major > > security vulnerability ever since it was written. > > This is not a good metric. easy to review != was sufficiently reviewed, > and getting sufficient code review might be the hardest problem in > software engineering. > > Additionally, if a project has never had an issue, it's just as likely > that no one has ever really looked at it than that it's "safer". > Actually, someone had conceived that it might be a problem in 2013: https://ryiron.wordpress.com/2013/12/16/argv-silliness/ -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ desktop mailing list -- desktop@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to desktop-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/desktop@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure