Author: Andrew Language: text
Description: Ubuntu Click Packages are a poor idea! Timestamp: 2013-05-19 15:43:11 +0000
View raw paste Reply
  1. Hey Guys,
  2. <insert praise here>. With regards to ubuntu's new packaging system.
  3. <rant>
  4. 1) Most applications DO NOT already package their own libraries. At least not the ones shipped in Debian. Debians policy is such that it's very hard for an application to ship with it's own version of a library. The package maintainer usually takes care of this.
  5.  
  6. 2) The reason shared libraries is a good idea has nothing to do with disk space. It's security. Not that long ago Microsoft had a vulnerability with one of it's core libraries that every single visual studio application shipped with.
  7.  
  8. That means that any application compiled with that version or older of visual studio is today still vulnerable to the attack. I think it was a GDI issue in the cell layout ...regardless... This can't happen with Debian / Fedora et al today. If an openssl flaw is found, the distros ship a patched version and _every_ application that uses SSL is patched.
  9.  
  10. I worked as a sysadmin not to long ago and our no 1 problem was unpatched wordpress / joomla installs. If Wordpress / Joomla and their associated plugins were installable as a system library then the admin could keep it up to date and I guarantee you wouldn't see the level of exploitation you do today.
  11.  
  12. Apple has this problem today and you can see on various security lists new e xploits every few days from applications shipping old versions of libraries. It sometimes takes 3 weeks for apple to approve applications. A 3 week lag time on something like libjpeg could make a massive difference. Sure, the sandbox will be there ( apparmor i imagine) however that doesn't help the data in your application. And i imagine there will be inter process communication with whatever you have granted permissions to....phone / sms etc..
  13.  
  14. Anyway, this is poor idea IMHO. </rant>
  15.  
  16. Andrew
View raw paste Reply