[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Retiring ksensors, possibly id3lib as well?



On Wednesday 07 October 2009 12:55:10 pm Lyos Gemini Norezel wrote:
> On 10/07/2009 03:19 PM, Björn Persson wrote:
> > Lyos Gemini Norezel wrote:
> >> Is there valid, logical, reasoning to continue to support such old code?
> >
> > Are there any bugs that are so severe that we can't continue using the
> > software?
> 
> No, actually.
> 
> Surprisingly enough... there are no current bugs open against id3lib.
> 
> >   If not: Why throw out working software just because it's old?
> 
> Don't security risks grow exponentially as software 'bit rots'?

Is it possible that id3lib is 'complete'? The id3 format isn't extremely 
complicated, it may just be a completely finished library. (Keep in mind, 
though, that I'm not familiar with the code.)

As far as being a security risk... it's not a network daemon, and there's no 
reason it should have suid root or anything like that. I imagine the worst you 
could do is throw a malformed media file at it.

Regards,
-- 
Conrad Meyer <cemeyer u washington edu>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]