On Tue, Feb 20, 2018 at 03:06:36PM -0800, Jamie Zawinski wrote:
> It is not my responsibility to secure Debian's laptop power management system.
>
> It is not my responsibility to integrate xscreensaver with Debian's laptop
> power management system.
>
> It is my responsibility to make *xscreensaver* as secure as it can be.
>
> It is my judgement that linking with additional massive,
> someone's-learning-experience libraries like dbus does exactly the opposite
> of that.
>
> Again, you have my sympathies that the operating system you choose to use
> treats security as an afterthought.

That's all fine, but it seems like the line is drawn arbitrarily. libx11 alone has had numerous vulnerabilities over the last few years. Ctrl+Alt+Backspace and similar are still not completely eradicated. I'm not sure we should be bashing a < 1 MB library and daemon when many larger and much more critical dependencies are guilty of the exact same issues. Am I missing something specific to dbus?

-- 
2. That which causes joy or happiness.