Re: Anti-bundling materials

●To: "J. Lewis Muir" <jlmuir%imca-cat.org@localhost> ●Subject: Re: Anti-bundling materials ●From: Jason Bacon <outpaddling%yahoo.com@localhost> ●Date: Sat, 21 Aug 2021 17:19:12 -0500

On 8/21/21 12:33 PM, J. Lewis Muir wrote:

As you said, this practice "leads to security issues and other bugs that
are difficult to fix because the software uses an outdated API."  I'm
not sure what you mean by "difficult to fix because the software uses an
outdated API" (I would think that would actually make the software more
likely to keep working because it has bundled the library with the API
that it uses), but in general, the exact same issues, and more outlined
in some of the resources you posted upthread, exist for the 99% that are
not being addressed.

What I'm saying here is the bundled library *is* the problem since it has known vulnerabilities or bugs, and we can't just hack the build system to use an up-to-date replacement from pkgsrc since the API is different. There is one such tool I won't name that bundles an outdated SSL library, which people are using to process private health information.

●Follow-Ups: ●Re: Anti-bundling materials ●From: Rhialto ●Re: Anti-bundling materials ●From: J. Lewis Muir ●References: ●Anti-bundling materials ●From: Jason Bacon ●Re: Anti-bundling materials ●From: J. Lewis Muir ●Re: Anti-bundling materials ●From: Jason Bacon ●Re: Anti-bundling materials ●From: J. Lewis Muir

●Prev by Date: Re: Anti-bundling materials ●Next by Date: Re: Anti-bundling materials ●Previous by Thread: Re: Anti-bundling materials ●Next by Thread: Re: Anti-bundling materials ●Indexes: ● reverse Date ● reverse Thread ● Old Index Home | Main Index | Thread Index | Old Index