Re: libc (again)

To: Ian Murdock <imurdock@debian.org>
Cc: debian-devel@Pixar.com
Subject: Re: libc (again)
From: Richard Kettlewell <richard@elmail.co.uk>
Date: Tue, 12 Sep 95 17:23:40 +0100 (BST)
Message-id: <[🔎] cMlrgc5CQ7@muskogee.elmail.co.uk>
In-reply-to: <[🔎] m0ssXm2-000169C@imagine.imaginit.com>
References: <[🔎] m0ssXm2-000169C@imagine.imaginit.com>

Ian Murdock writes:

>On the one hand, if we release Debian 0.93 with libc 4.6.27, we are
>releasing a system with an exploitable and (now) well-known security
>hole.  On the other hand, if we release Debian 0.93 with libc 4.7.4,
>we are releasing a system with a new and unreleased (!) library that
>cannot compile Motif programs and that has seen little practical use.
>
>What in the world should we do about this!?!  Any ideas?

How much effort would it be to patch libc 4.6.27?  I assume from the
fact that you haven't just done it that it isn't trivial.  Is a patch
available anywhere or is everybody supposed to live on the bleeding
edge of 4.7.4 these days?

I'm downloading the Debianised source for 4.6.27-5 now, but I've not
even looked at the libc source before so don't expect too much from
me.

>I do have good news: Richard Stallman told me last week that GNU libc
>has just been ported to Linux.  I suggest we start using that as soon
>as we change to ELF.

If it's `just' been ported is it any more stable than 4.7.4?  (I
have never used 4.7.4, I have only hearsay to go on.)

-- 
Richard Kettlewell                 <URL:http://www.elmail.co.uk/staff/richard/>
Home+work: <richard@elmail.co.uk>
Home only: <richard@sfere.elmail.co.uk>

Reply to:

Follow-Ups:
- Re: libc (again)
  - From: Ian Murdock <imurdock@debian.org>

References:
- libc (again)
  - From: Ian Murdock <imurdock@debian.org>

Prev by Date: libc (again)
Next by Date: Re: libc (again)
Previous by thread: libc (again)
Next by thread: Re: libc (again)
Index(es):
- Date
- Thread