Re: Retiring ksensors, possibly id3lib as well?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wednesday 07 October 2009 12:55:10 pm Lyos Gemini Norezel wrote:
> On 10/07/2009 03:19 PM, Björn Persson wrote:
> > Lyos Gemini Norezel wrote:
> >> Is there valid, logical, reasoning to continue to support such old code?
> >
> > Are there any bugs that are so severe that we can't continue using the
> > software?
> 
> No, actually.
> 
> Surprisingly enough... there are no current bugs open against id3lib.
> 
> >   If not: Why throw out working software just because it's old?
> 
> Don't security risks grow exponentially as software 'bit rots'?

Is it possible that id3lib is 'complete'? The id3 format isn't extremely 
complicated, it may just be a completely finished library. (Keep in mind, 
though, that I'm not familiar with the code.)

As far as being a security risk... it's not a network daemon, and there's no 
reason it should have suid root or anything like that. I imagine the worst you 
could do is throw a malformed media file at it.

Regards,
-- 
Conrad Meyer <cemeyer@xxxxxxxxxxxxxxxx>

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux