Re: Proposal: removing urio(4), Rio 500 MP3 player (1999), and Rio-related packages

[Thor Lancelot Simon <tls%panix.com@localhost>]

On Thu, Jan 02, 2020 at 08:36:51PM +0100, Maxime Villard wrote:
> 
>  - uscanner, which was brought up by other people for an unrelated reason.
>    It was removed from FreeBSD in 2009, from OpenBSD in 2013, and disabled
>    in NetBSD in 2016. It has been superseded by ugen+SANE.

I would like to suggest that the use of "generic" USB/SCSI/etc. devices
that allow sending arbitrary commands from userland is one of the least
safe design patterns in modern operating systems.  Not all security
issues are accidental - some work as designed, and I think this is one
such.

So it's a bit of a shame to see uscanner or any other target-specific
driver go, with an inherently unsafe generic target driver as replacement,
though perhaps in this case it's necessary.

-- 
 Thor Lancelot Simon	                                     tls%panix.com@localhost
  "Whether or not there's hope for change is not the question.  If you
   want to be a free person, you don't stand up for human rights because
   it will work, but because it is right."	--Andrei Sakharov