Re: [Sks-devel] SKS debian package

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] SKS debian package

From:	Robert J. Hansen
Subject:	Re: [Sks-devel] SKS debian package
Date:	Sun, 29 Apr 2012 18:24:46 -0400
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120410 Thunderbird/11.0.1

> You are very very confused: db-1.85 went end-of-life
> in like 1994

Not at all.  That advisory, if you missed it, is from 2009.

I really don't care if db-1.85 was EOLed in 1994, 1984, or 1974.  What I
care about is that it *is still used today* and there are, within recent
memories, reports of serious problems with Berkeley DB.  This counters
what you say in "if there were any BDB 'security releases', you might
have a point."

There have been security problems with BDB, either directly in BDB or in
the software ecosystem surrounding BDB, and I believe sks is well-served
to avoid the embedding problem by using dynamic linking.  And that's all
I have to say on the subject.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Sks-devel] SKS debian package, (continued)

Prev by Date: Re: [Sks-devel] SKS debian package
Next by Date: Re: [Sks-devel] SKS debian package
Previous by thread: Re: [Sks-devel] SKS debian package
Next by thread: Re: [Sks-devel] SKS debian package
Index(es):
- Date
- Thread