Consequences of library bundling (was: Re: OpenH264 in Fedora)

On 11/06/2013 04:05 PM, Adam Jackson wrote:
> On Wed, 2013-11-06 at 09:36 +0100, Roberto Ragusa wrote:
>> On 11/04/2013 07:30 PM, Alberto Ruiz wrote:
>>
>>> A media codec should not be a system wide component (I'd go as far as
>>> saying it should not be user-session wide, but application bundled).
>>
>> ???
>> Would you so apply the same reasoning to libjpeg and libtiff?
>> Security nightmare.
>
> It's only a nightmare because we've steadfastly refused to build the
> tools to a) track library bundling inside app-bundles b) automate bundle
> rebuilds c) force replacement of bundle contents either by sysadmin
> action or by policy.

You also have to port security fixes to all slightly different bundled versions. Not every security fix is that trivial two-liner, and libraries which benefit most from bundling (because they have unstable APIs and are under heavy development) are exactly those where backporting is hard. That is the really hard problem.

Tracking bundling and defective bundled software is no picnic either, but at least it can be somewhat automated (see the Victims project for Java/Maven, or some of the bundling detection logic in Lintian). That's much harder with backporting.

--
Florian Weimer / Red Hat Product Security Team
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
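The bundling detection Florian refers to (the kind of check Lintian and the Victims project automate) can be approximated by scanning an installed tree for the version banners that libraries embed in their compiled objects. The script below is an added example for this thread, not code from Fedora, Lintian or Victims. The zlib and libpng banner patterns match strings those projects really embed; the POLICY_FLOOR versions are placeholders chosen for the example and say nothing about any specific vulnerability, and the "application bundle" it scans is constructed in a temporary directory.

```python
"""Find bundled copies of well-known libraries by their embedded version banners."""
import os
import re
import tempfile

# Example signature table, constructed for this demonstration. Each pattern
# matches the banner a library compiles into its objects, so a copy statically
# linked into some other binary still reveals itself. Not exhaustive.
SIGNATURES = {
    "zlib": re.compile(rb"(?:inflate|deflate) (\d+\.\d+(?:\.\d+){0,2}) Copyright"),
    "libpng": re.compile(rb"libpng version (\d+\.\d+\.\d+)"),
}

# Assumed per-library policy floor: copies older than this get flagged for a
# rebuild or replacement. Placeholder numbers for the example only.
POLICY_FLOOR = {
    "zlib": (1, 2, 11),
    "libpng": (1, 6, 37),
}


def version_tuple(text):
    """'1.2.8' -> (1, 2, 8) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in text.split("."))


def scan_file(path, max_bytes=64 * 1024 * 1024):
    """Return [(library, version_string)] for every signature found in one file."""
    hits = []
    with open(path, "rb") as fh:
        data = fh.read(max_bytes)
    for lib, pattern in SIGNATURES.items():
        # A binary may carry the banner twice (inflate and deflate); report once.
        versions = sorted({m.group(1).decode("ascii") for m in pattern.finditer(data)})
        for version in versions:
            hits.append((lib, version))
    return hits


def scan_tree(root):
    """Walk an installed application tree and list the bundled library copies."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            for lib, version in scan_file(path):
                floor = POLICY_FLOOR.get(lib)
                findings.append({
                    "path": os.path.relpath(path, root),
                    "library": lib,
                    "version": version,
                    "below_policy": floor is not None and version_tuple(version) < floor,
                })
    return sorted(findings, key=lambda f: (f["path"], f["library"]))


def build_sample_bundle(root):
    """Constructed sample bundle carrying the banners real binaries would carry."""
    os.makedirs(os.path.join(root, "lib"), exist_ok=True)
    # An old zlib statically linked into the application's own library.
    with open(os.path.join(root, "lib", "libapp.so"), "wb") as fh:
        fh.write(b"\x7fELF" + b"\0" * 32
                 + b"inflate 1.2.8 Copyright 1995-2013 Mark Adler\0"
                 + b"deflate 1.2.8 Copyright 1995-2013 Jean-loup Gailly and Mark Adler\0")
    # A libpng copy that meets the example policy floor.
    with open(os.path.join(root, "lib", "libpng16.so"), "wb") as fh:
        fh.write(b"\x7fELF" + b"\0" * 32 + b"libpng version 1.6.37 - April 14, 2019\0")
    # A file with no library banner must produce no finding.
    with open(os.path.join(root, "README"), "wb") as fh:
        fh.write(b"nothing to see here\n")


def demo():
    """Build the sample bundle in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_bundle(root)
        return scan_tree(root)


if __name__ == "__main__":
    for finding in demo():
        flag = "REBUILD" if finding["below_policy"] else "ok"
        print(f"{finding['path']}: bundled {finding['library']} "
              f"{finding['version']} [{flag}]")
```

Banner scanning only finds copies whose version string survived the build; a stripped or patched copy, or a library that carries no banner, needs a different fingerprint (symbol names, or hashes of known object code as Victims does), and the "below policy" flag only tells you which copies to rebuild, not that the backported fix is in them, which is the harder problem the message above describes.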