Subject: Re: Removing KDE2?
To: Matthias Drochner <>
From: Thomas Klausner <>
List: tech-pkg
Date: 03/09/2004 21:44:31
On Tue, Mar 09, 2004 at 09:38:36PM +0100, Matthias Drochner wrote:
> Perhaps we can patch around it...
> (The original link describing the bug is dead.)
> Otoh, the mere existence of a development library which might
> allow building of insecure apps does not mean much. It is the
> installation of a program which uses that lib as root or suid
> what causes the risk.

There's a list of vulnerabilities and partially patches at
I don't know which of these are already fixed in the package.

> So I'd say: leave at least kdelibs2. Maybe more, if the problem
> can be patched.

If someone _does_ the patching, I have no problem with that. :)