Security of flatpak runtimes
Alexander Larsson
alexl at redhat.com
Thu Apr 6 08:11:19 UTC 2017
On Wed, 2017-04-05 at 16:38 +0200, Jiří Janoušek wrote:
> So the base of the Freedesktop runtime receives security updates, but
> how about extra modules built directly from source? For example,
> there
> have recently been a few security vulnerabilities in GStreamer (fixed
> in 1.10.3). Is GStreamer 1.8.3 in the GNOME SDK 3.22 still
> vulnerable?
I regularly update the latest stable gnome platform to the latest minor
stable releases. However, this is far from structured, and has no
special handling of CVEs.
Basically, currently the runtime maintainance is done by me with some
help from a few people, but it really needs a team that handles it,
with some extra focus on the security side.
However, there is also a fact that we can't support old releases
forever, so once we have a structure and team for this we need to
decide and publicize what support level the various runtimes has and
for how long.
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson Red Hat, Inc
alexl at redhat.com alexander.larsson at gmail.com
He's a shy umbrella-wielding jungle king gone bad. She's a provocative
mutant vampire with only herself to blame. They fight crime!
More information about the xdg-app
mailing list