
Re: Bug#727708: systemd (security) bugs



On Tue, 03 Dec 2013, Tollef Fog Heen wrote:
> ]] Russ Allbery 
> > Don Armstrong <don@debian.org> writes:
> > 
> > > Projects which have multiple components, each of which has
> > > different security/interface surfaces without stable defined
> > > interfaces, can lead to problems when one set of developers
> > > doesn't understand the security implications of the parts that
> > > they do not work on.
> > 
> > It's unclear to me that this is a correct characterization of
> > systemd. Do the separate components of systemd not have stable,
> > defined interfaces? I know they largely don't have other
> > implementations, but that's not the same thing.
> 
> http://www.freedesktop.org/wiki/Software/systemd/InterfacePortabilityAndStabilityChart/
> 
> has a table with the various interfaces and their status.

This was useful; thanks for linking to this.

[...]

> > If the interfaces for those supplemental components are actually
> > unstable, that's going to pose problems all around, but I'm not sure
> > how directly relevant to this discussion that is since we're going
> > to have to deal with those components *anyway*.

Right; I think we definitely should integrate many of the components
that are being developed. I'm just concerned that the
component<->systemd interface is still changing, and because the
codebase is integrated, there's less of a requirement to communicate and
document what that interface is than there would be if they were
distinct projects.

This concern isn't very strong, but it was piqued when udev development
was brought into systemd; I'm still not certain why that was necessary.

-- 
Don Armstrong                      http://www.donarmstrong.com

It is easier to build strong children than to repair broken men.
 -- Frederick Douglass

