Catanzaro: Do you trust this application?
Catanzaro: Do you trust this application?
[Security] Posted Mar 13, 2016 10:40 UTC (Sun) by corbet
Michael Catanzaro laments
the poor level of security provided by free-software applications,
focusing on TLS verification issues in particular.
"In the case of Shotwell, the issue has been fixed in git, but it
might never be released because nobody works on Shotwell anymore. I
informed distributors of the Shotwell vulnerability three months ago via
the GNOME distributor list, our official mechanism for communicating with
distributions, and advised them to update to a git snapshot. Most
distributions ignored it. This is completely typical; to my knowledge, the
stable releases of all Linux distributions except Fedora are still
vulnerable.
"