On Fri, Jul 26, 2013 at 8:32 AM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
> > but to say a core / apps separation is fundamentally flawed is incorrect
>
> it is correct
> * go and play around with "ldd /usr/bin/whatever-application"
> * look how many share openssl, nspr, nss, libxml and a lot more
> * and now draw the picture of the result fix a security issue in libxml
This assumes that you have a single source for the fix delivery.
In the OS/App differentiation, you are expecting each is coming from a different source.
Apps are either boxed, or coming from a project.
The app provider should fix their version of libxml, and the OS provider should fix their version of libxml.
Are there periods of vulnerability? Yes.
Now, if the OS and the Apps come from the same source, example - Fedora, could Fedora Project do something innovative such that the fix to the OS and App arrive almost simultaneously?
Possibly - but requires rethinking the build workflow to enable multi-target capability and a better understanding of how different languages and applications have hidden PATH assumptions.
Is Fedora capable of innovating on this level? I think so. There are a lot of smart folks here.
-subhendu
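
The `ldd` survey suggested in the quoted message can be scripted to show how many binaries a single library fix reaches. This is an added example, not code from the thread; the function names and the sample `ldd` output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Some versions of ldd may execute code
# from the file they inspect, so point this only at binaries you already trust.
LC_ALL=C; export LC_ALL

# parse_ldd: ldd output on stdin -> one soname per line. Keeps "lib => path"
# and "lib => not found"; drops the vdso entry, the loader line and the
# "not a dynamic executable" message.
parse_ldd() {
    awk '$2 == "=>" && $1 !~ /^linux-(vdso|gate)\.so/ { print $1 }'
}

# tag BIN: sonames on stdin -> "soname<TAB>BIN" pairs.
tag() { awk -v bin="$1" '{ print $1 "\t" bin }'; }

# pairs_for_dir DIR: run ldd on every executable regular file in DIR.
pairs_for_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        ldd "$f" 2>/dev/null | parse_ldd | tag "$f"
    done
}

# rank_libs: pairs on stdin -> "count soname" lines, most widely linked first.
rank_libs() {
    cut -f1 | sort | uniq -c | sort -k1,1nr -k2,2 | awk '{ print $1, $2 }'
}

# users_of LIB: pairs on stdin -> binaries linked against LIB.so.*
users_of() {
    awk -F '\t' -v lib="$1" 'index($1, lib ".so") == 1 { print $2 }' | sort -u
}

# Constructed ldd output for three hypothetical binaries (not real captures).
sample_pairs() {
    printf '\tlinux-vdso.so.1 =>  (0x1)\n\tlibxml2.so.2 => /lib64/libxml2.so.2 (0x2)\n\tlibssl.so.10 => /lib64/libssl.so.10 (0x3)\n\t/lib64/ld-linux-x86-64.so.2 (0x4)\n' | parse_ldd | tag /usr/bin/app-a
    printf '\tlibxml2.so.2 => /lib64/libxml2.so.2 (0x2)\n\tlibz.so.1 => /lib64/libz.so.1 (0x5)\n' | parse_ldd | tag /usr/bin/app-b
    printf '\tnot a dynamic executable\n' | parse_ldd | tag /usr/bin/app-c
}

# With a directory argument, scan it; otherwise show the constructed sample.
if [ "$#" -gt 0 ]; then pairs_for_dir "$1" | rank_libs | head -n 20
else sample_pairs | rank_libs; fi
```

Only dynamically linked libraries show up here; an application that bundles or statically links its own copy of libxml will not appear under `users_of libxml2` and has to be tracked through its own provider's updates.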