Subject: Re: Removing KDE2?
To: Thomas Klausner <wiz@NetBSD.org>
From: Matthias Drochner <M.Drochner@fz-juelich.de>
Date: 03/09/2004 21:38:36
> The vulnerability affects the kdelibs2 package...
Perhaps we can patch around it...
(The original link describing the bug is dead.)
Otoh, the mere existence of a development library which might
allow building of insecure apps does not mean much. It is the
installation of a program which uses that lib as root or suid
what causes the risk.
> What do you suggest?
So I'd say: leave at least kdelibs2. Maybe more, if the problem
can be patched.
> it currently doesn't even install because of some kdmrc trouble
I've seen it in the buildlog report, but atm I don't even get so
far because I've messed up the x11 installation on my development
box. (which is an amd64 now - the new src/x11 stuff doesn't like