Tiny Core Linux

Tiny Core Extensions => TCE Talk => Topic started by: BobBagwill on October 12, 2012, 01:08:22 PM

Title: drop old dropbear 0.52 app?
Post by: BobBagwill on October 12, 2012, 01:08:22 PM

The SCM version of dropbear is the most recent.  The regular application is older and has a security vulnerability.  Should the regular app be dropped, at least until someone builds the newer version?  Is there a SOP for dealing with security vulnerabilities in apps?  THanks.

Title: Re: drop old dropbear 0.52 app?
Post by: curaga on October 13, 2012, 01:30:52 AM

It should be updated, but I'm too busy in the near future.

So far extensions have only been dropped if they're broken, or at the request of the extension creator. There isn't a SOP for security issues here currently, but IMO it's better not to drop a working app.