Retiring ksensors, possibly id3lib as well?
Conrad Meyer
cemeyer at u.washington.edu
Wed Oct 7 20:04:35 UTC 2009
On Wednesday 07 October 2009 12:55:10 pm Lyos Gemini Norezel wrote:
> On 10/07/2009 03:19 PM, Björn Persson wrote:
> > Lyos Gemini Norezel wrote:
> >> Is there valid, logical, reasoning to continue to support such old code?
> >
> > Are there any bugs that are so severe that we can't continue using the
> > software?
>
> No, actually.
>
> Surprisingly enough... there are no current bugs open against id3lib.
>
> > If not: Why throw out working software just because it's old?
>
> Don't security risks grow exponentially as software 'bit rots'?
Is it possible that id3lib is 'complete'? The id3 format isn't extremely
complicated, it may just be a completely finished library. (Keep in mind,
though, that I'm not familiar with the code.)
As far as being a security risk... it's not a network daemon, and there's no
reason it should have suid root or anything like that. I imagine the worst you
could do is throw a malformed media file at it.
Regards,
--
Conrad Meyer <cemeyer at u.washington.edu>
More information about the fedora-devel-list
mailing list