GStreamer and the state of Linux desktop security

Posted Dec 11, 2016 10:21 UTC (Sun) by liam (guest, #84133)
In reply to: GStreamer and the state of Linux desktop security by intgr
Parent article: GStreamer and the state of Linux desktop security

Sure, but I wasn't as much referencing the article as this comment by ncm:

The comments about Rust as an alternative seem to miss that the overwhelming majority of software at risk does not need to be rewritten. Mainly it is the code that operates on untrusted input -- media and fonts, in particular -- that needs a rewrite.

ncm then went on to specify that we need to focus on the code that handles foreign data (so, mostly a parsing issue). My point was to simply reiterate Linus' stance because, aiui, the reason "a bug is a bug" is because it's far from obvious that bugs which aren't tagged as security issues can't be used by malicious actors to help them achieve their goal. So, it's not that I expect people to obey Linus but simply I thought it worth recalling his thoughts on this matter (again, aiui).