Re: Reducing the attack surface caused by Berkeley DB...
- Date: Sat, 27 Jan 2018 14:35:27 +0200
- From: Adrian Bunk <bunk@xxxxxxxxxx>
- Subject: Re: Reducing the attack surface caused by Berkeley DB...
On Sat, Jan 27, 2018 at 12:25:20PM +0100, Lionel Debroux wrote:
> Hi Adrian,
> On 1/27/18 6:27 AM, Adrian Bunk wrote:
> > There doesn't seem to be any disagreement on the general idea,
> > the only thing missing is a person doing the work on getting
> > all Debian packages ported away from Berkeley DB while ensuring
> > that users don't lose data due to that.
> Before we can envision reaching such an ambitious, longer-term goal,
> we'll collectively have to work on small, achievable goals and tasks...
"collectively" = noone is feeling responsible and nothing gets done
In a project the size of Debian there are plenty of tasks this size or
even bigger, and usually they get done if and only if there are one
or few people who consider themselves responsible.
In the case of Berkeley DB, this means there has to be someone who
takes care of that for several years until the removal is finished.
Someone might have the name Lionel. ;-)
"small goals" also have the problem that there is no bigger picture.
As an example, I am the maintainer of bogofilter.
bogofilter supports several DB backends, but virtually all users are
using the Berkeley DB one.
If I would drop the Berkeley DB backend in a release where Debian
does still support Berkeley DB, I'd just screw the users of my
package for no good reason.
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed