[GTALUG] Flatpak: Anyone with Experience or Opinions on It?

John Sellens jsellens at syonex.com
Fri Nov 3 13:22:02 EDT 2017


Those are not problems which are specific to linking to/using particular
versions of libraries.

How do you ensure that security updates of commands and configuration
files happen?  It's not a new or different problem.

One can choose to use the default version, which by implication will
be the latest and greatest version that is installed on the machine.
And your program/package will get updates as they are installed.

If you use a particular version of the library:
- a local admin can choose to accept the risk
- a package maintainer can label the package risky, and/or
  delete/disable/deprecate the package
- a program maintainer can update the code to use the new version

One can't abdicate responsibility for security by assuming that your
binary will run with a secure version of a library.

Cheers

John



On Fri, 2017/11/03 01:09:47PM -0400, Dhaval Giani <dhaval.giani at gmail.com> wrote:
| How do you ensure security updates happen everywhere, or that you are
| not linking to an insecure version? What about old software which is
| no longer maintained? Also work is not duplicated?
| 
| Dhaval
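An added example, not part of the mailing-list exchange above, of the kind of check a local admin could run to see whether a binary actually takes the default (distro-updated) library version or a version bundled somewhere the distro's security updates never touch. It parses `ldd`-style output; the sample output below is constructed for a hypothetical application under `/opt/app`, and the system-library prefixes (`/lib`, `/lib64`, `/usr/lib`, `/usr/lib64`) are an assumption about the layout of a typical Linux host.

```shell
# Added example (not the author's code). Reports shared libraries that a
# binary resolves from outside the system library directories, i.e. copies
# that the distribution's security updates will not replace.

# Constructed sample of `ldd` output for a hypothetical bundled app.
SAMPLE_LDD='
    linux-vdso.so.1 (0x00007ffd8c1f0000)
    libssl.so.1.0.0 => /opt/app/lib/libssl.so.1.0.0 (0x00007f1b2c0a0000)
    libcrypto.so.1.0.0 => /opt/app/lib/libcrypto.so.1.0.0 (0x00007f1b2bc00000)
    libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f1b2b9e0000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1b2b600000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f1b2c4c0000)
'

# Print "soname path" for every library resolved from a path that is NOT
# under /lib, /lib64, /usr/lib or /usr/lib64 (assumed system prefixes).
# Virtual entries such as linux-vdso and the loader line have no "=>"
# followed by an absolute path, so they are skipped.
nonsystem_libs() {
    printf '%s\n' "$1" | awk '
        $2 == "=>" && $3 ~ /^\// {
            if ($3 !~ /^\/(usr\/)?lib(64)?\//) print $1, $3
        }'
}

# Number of non-system libraries; handy as a pass/fail value in a check script.
count_nonsystem_libs() {
    nonsystem_libs "$1" | wc -l | tr -d ' '
}

# Real use would be:  nonsystem_libs "$(ldd /path/to/binary)"
nonsystem_libs "$SAMPLE_LDD"
```

On the constructed sample this lists the two `/opt/app/lib` copies of libssl and libcrypto: those are the libraries the local admin, package maintainer or program maintainer has to take responsibility for, because updating the distro's `libssl` package does nothing for them.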