Warren Togami wrote:
You are overstating the security risk of a single library package
that
is unused.
It isn't a single package, and it isn't limited just to the libraries
(it includes some daemons too).
Lately this is becoming a trend. howl and howl-libs are must-have for
GNOME (and bunch of other packages), and soon will become must-have for
KDE. NetworkManager now requires bind and caching-nameserver. And
those are just the few discussed on this mailing list in last couple of
days.
So yeah, we do have a security issue here. User's systems are getting
bloated with libraries *and* services that it starts to look as
out-of-box Windows installation. And we all know how secure that is.
--
Aleksandar Milivojevic <amilivojevic(a)pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7