Subject: Re: Removing KDE2?
To: Matthias Drochner <M.Drochner@fz-juelich.de>
From: Thomas Klausner <wiz@NetBSD.org>
List: tech-pkg
Date: 03/09/2004 21:44:31
On Tue, Mar 09, 2004 at 09:38:36PM +0100, Matthias Drochner wrote:
> Perhaps we can patch around it...
> (The original link describing the bug is dead.)
> Otoh, the mere existence of a development library which might
> allow building of insecure apps does not mean much. It is the
> installation of a program which uses that lib as root or suid
> what causes the risk.
There's a list of vulnerabilities and partially patches at
http://www.kde.org/info/2.2.2.php
I don't know which of these are already fixed in the package.
> So I'd say: leave at least kdelibs2. Maybe more, if the problem
> can be patched.
If someone _does_ the patching, I have no problem with that. :)
Thomas