Christopher Aillon wrote:
The kernel has more vulnerabilities[1] than this user-space application does. Let's reconsider having that in the distro, too.
With respect this is not a good response to my question. How many kernel problems are remote-exploitable? Does the kernel of itself visit random external "scripts" on the Internet and execute what it finds there? No. But a browser is designed to do such actions. If we really do talk about code of such complexity that "MASSIVE changes which took several architects months to perfect, and it STILL caused 10-20 regressions" it's a lot more frightening to hear that about usermode code that exists to go out to a potentially hostile Intenet on behalf of a logged-in user than it is to hear the same about a kernel where the vast bulk of vulns are local only. Objectively, looking at your description of security fixes on the beast, shouldn't people take pause at a creature that is so complex and poorly understood, but is our main proposed way of interfacing to the good and evil of the external world?
-Andy -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list