17 Jan
2005
17 Jan
'05
10:41 a.m.
Warren Togami wrote:
You are overstating the security risk of a single library package that is unused.
It isn't a single package, and it isn't limited just to the libraries (it includes some daemons too).
Lately this is becoming a trend. howl and howl-libs are must-have for GNOME (and bunch of other packages), and soon will become must-have for KDE. NetworkManager now requires bind and caching-nameserver. And those are just the few discussed on this mailing list in last couple of days.
So yeah, we do have a security issue here. User's systems are getting bloated with libraries *and* services that it starts to look as out-of-box Windows installation. And we all know how secure that is.
--
Aleksandar Milivojevic amilivojevic@pbl.ca Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7