[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: About the security issues affecting dcraw/ufraw/libraw/rawtherapee/rawstudio/exactimage/freeimage in Squeeze

in this case, David has right.. there's no sense in made security patches for packages that changes dinamycally, a new backport maybe.. but now i know that squeeze are very obsolete and a backporting for jeese its a right way 

2015-06-04 2:42 GMT-04:30 David Bremner <david@tethera.net>:
darktable is probably a good example of a package where even security
support doesn't make much sense.

- The code is changing very quickly to support new camera hardware;
  upstream already considers the version in Jessie obsolete.

- It's consumer/desktop code. I guess there's no server infrastructure
  depending on photo editing software. I'm just not that sympathetic to
  the individual user who hasn't upgraded from squeeze.

- The software is quite demanding; essentially it is barely functional
  on 32 bit machines because of memory demands. So I doubt very much
  there are many people running it on old computers.

- The development version (for stretch) will actually be more secure,
  since it eliminates libraw, a constant source of CVEs.

about that: 
My expectation when uploading a backport is to support it until the next
stable release. Sorry LTS people, but in this case your itch is not my
itch. If that's wrong, please let me know, and I'll think very carefully
about what I backport in the future.
I think this are too severe.. backporting make more flexible the time of usage for novel users that loves the stability and peace of installations (i still have a lenny laptop with some games for my children)

Reply to: