On Sun, Jan 16, 2005 at 05:24:10PM -1000, Warren Togami wrote:
> > and IMHO a security risk. It will make security audits more difficult since unused packages are included and adds just that much more code that could have an exploit in it.
>
> You are overstating the security risk of a single library package that is unused.

Still, this isn't a good direction to go. There *could* be security problems in any code, and not having what you don't need is the 100% sure way to avoid them. This needs to be split up more. And, it'd be nice to avoid updates which suddenly pull in new dependencies unless it's strictly necessary.