Hello, On Jul 14 12:55 Carlos E. R. wrote:
On 2015-07-14 11:04, Johannes Meixner wrote:
What is your ultimate goal?
If it is security, I think it does not really matter whether or not an insecure package is installed by default. I.e. when an insecure package is not installed by default but when it is provided by openSUSE to be installable, then maintenance updates for security issues are needed.
If security in future openSUSE releases should be improved the insecure package would have to be completely dropped from future openSUSE releases (as far as I know).
You are absolutely right...
However, then users would have to get the package from somewhere else, and we would not update it as soon as possible, but when somebody or something tells us that maybe there is an update. Like FF refusing to run it.
It is better, in that sense, that updates, insufficient as they may be, are provided by the usual automatic (for users) channels. Safer for us, users :-)
Interesting thought: To make openSUSE actually more secure for end-users it is better when openSUSE provides (and maintains) usually needed but "known-to-be-insecure" software (if possible). In other words: We (openSUSE) should provide you (end-users) even "crap software" when the "crap software" is usually needed by you (provided it is legally allowed to provide it to you) because this way it is still better for you compared to when you would have to get the "crap software" on your own from whatever unknown place. I think the idea behind is valid. But I assume the problem is to find volunteers who like to maintain "crap software" for openSUSE and continuously deal with often somewhat demanding or even unfriendly users who have issues with "crap software" (unsurprisingly).
From 2003 to 2005 I was maintainer of the Adobe Reader. I would never ever maintain Adobe's Flash Player.
Kind Regards Johannes Meixner -- SUSE LINUX GmbH - GF: Felix Imendoerffer, Jane Smithard, Dilip Upmanyu, Graham Norton - HRB 21284 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org