On Wednesday 07 October 2009 12:55:10 pm Lyos Gemini Norezel wrote: > On 10/07/2009 03:19 PM, Björn Persson wrote: > > Lyos Gemini Norezel wrote: > >> Is there valid, logical, reasoning to continue to support such old code? > > > > Are there any bugs that are so severe that we can't continue using the > > software? > > No, actually. > > Surprisingly enough... there are no current bugs open against id3lib. > > > If not: Why throw out working software just because it's old? > > Don't security risks grow exponentially as software 'bit rots'? Is it possible that id3lib is 'complete'? The id3 format isn't extremely complicated, it may just be a completely finished library. (Keep in mind, though, that I'm not familiar with the code.) As far as being a security risk... it's not a network daemon, and there's no reason it should have suid root or anything like that. I imagine the worst you could do is throw a malformed media file at it. Regards, -- Conrad Meyer <cemeyer@xxxxxxxxxxxxxxxx> -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
