Re: sandboxing of upstream programs by distros
Open Source Security
Posted by Demi Marie Obenour on Oct 14
Which software is this? Are there plans to at least fix the known
memory safety problems? If not, I think it would be best to disable the
known-vulnerable features by default. If the entire software package is
vulnerable, I recommend deprecating it and recommending that downstream
users migrate to a more secure alternative.
You have to be willing to break compatibility to at least some degree.
If you try to support everything, you wind up…