On Mon, Aug 01, 2022 at 01:52:20PM +0300, Reco wrote: > Hi. > > On Mon, Aug 01, 2022 at 06:50:27AM +0200, tomas@tuxteam.de wrote: [...] > > It seems to be from Oracle [1]. Possibly a Java abomination. > > Nope. It's CPython + QT. But then again, it's totally possible to write > in Python in such way that users will think it's written in Java :) Thanks for actually looking it up and... for shattering my prejudices :) > The package they provide embeds its own copy of libssl (version 1.0 with > multiple known vulnerabilities), QT 4 (ditto), and libpython3 (version > 3.3, ditto) [...] ... the common euphemism for that nonsense being "vendoring". > so I would advise against using this particular utility for > any reason. Tha'd be my take, too. Cheers -- t
Attachment:
signature.asc
Description: PGP signature