On Fri, Nov 29, 2013 at 05:11:52PM +0000, Ian Jackson wrote:
> It is very alarming that web browsers are being presented as the
> security benchmark for our new init system.

So, I tend to agree with Joss here - Web browsers are the biggest attack surface that we have today, bar none. I don't think anyone really disputes this.

The safety of modern web browsers is (well, minus a qualifier below), frankly, shockingly good. The amount of exploits from JS is crazy low for something that's able to do so much (store data locally, use WebGL / 3D rendering, play audio); it is shockingly hard to exploit.

When you look at the entire stack (CSS parsers / evaluators, HTML parsers & evaluators, JS parsers and evaluators), the only disaster would be stuff like ActiveX. I'm not sure of its state, since I've never run a platform that supports it, but I hear it's getting better.

So, yes, browsers are a cesspool, but it's one that runs complete garbage on the internet. I'd be stunningly happy to see an init system that can handle as much pure crap as browsers have to put up with :)

More on-topic, I do think that the systemd bugs are more likely because people are playing with the code, exploring it for holes, and pushing them, which is healthy. I'm sure if you poked hard enough, most systems would show such bugs. (as has been already said, really)

Cheers,
  Paul

-- 
 .''`.  Paul Tagliamonte <paultag@debian.org>
: :'  : Proud Debian Developer
`. `'`  4096R / 8F04 9AD8 2C92 066C 7352 D28A 7B58 5B30 807C 2A87
 `-     http://people.debian.org/~paultag