tech-pkg archive


Re: Adobe Reader



    Date:        Mon, 1 Feb 2010 21:04:16 +0900
    From:        SODA Noriyuki <soda%yuruyuru.net@localhost>
    Message-ID:  <19302.49984.914297.228828%gargle.gargle.HOWL@localhost>

I don't use acrobat (acroread*) and don't care about the subject of
this mail, but ...

  | This is not really correct, because you are ignoring risks to continue
  | to use it.   It is too dangerous to use acroread 4 and 5 these days,
  | so it's far from "fine".

Please don't make arguments like that.   First, I doubt that you really have
any idea who might, or might not, be ignoring anything, and second, what is
"too dangerous" all depends upon a risk/benefit analysis of which the outcome
will depend upon the risks and costs of each individual site, and which I
doubt that you have carried out (for everyone).

By all means decide that those applications are too risky for you, and if
that means that where you once might have maintained the packages, you now
won't, because you no longer use them, then fine - and if that means they
bitrot because they're no longer maintained, also fine - then they can be
deleted because of lack of use and maintenance (no longer install/work or
whatever).

But you really cannot conclude that they're too dangerous for everyone,
I am fairly sure they're not too dangerous for me, because as I understand
it, all of the security problems with the acroread set of packages are relevant
only if an attacker can somehow trick me into accessing a bogus PDF file
using that application (and then they might be able to take over my
account).   But since I don't use acroread (any version) for reading PDF
files (and nor do my MUA nor browser, nor anything else), that's going to
be quite difficult for an attacker to accomplish.

Given that, I believe that acroread is 100% safe for me, it isn't dangerous
at all, and if I wanted to have it installed, just so I can show people
"sure, I have acrobat, there it is, but I use ..." I don't see what the
problem would be?  What threat do you think I'm under?   (And if that's
what I wanted, most probably I'd want the smallest version of acrobat I
could find, regardless of how useful (or dangerous) it would be were I
ever to run the thing.)

kre


