oss-sec mailing list archives
Re: Windows ports of Linux software bundling outdated libraries (Gajim / PyCurl)
From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 25 Jan 2017 16:48:04 -0500
tl:dr; use Fedora or OpenSuse and their mingw-w64* packages to cross-compile and package from Linux; if you use Windows or OS X or anything else, use one of these in a VM.
Maven and Git are noteworthy here. Maven was infamous for outdated packages. Confer, "The Vulnerability Dataset of a Large Software Ecosystem", http://bkarak.wizhut.com/www/pubs/pdfs/badgers2014.pdf. Git took it to the next level and made it distributed. Instead of one outdated repo like Maven, we now have hundreds or thousands of outdated followers who don't pulll from master. Jeff
Current thread:
- Windows ports of Linux software bundling outdated libraries (Gajim / PyCurl) Hanno Böck (Jan 24)
- Re: Windows ports of Linux software bundling outdated libraries (Gajim / PyCurl) Adrien Nader (Jan 25)
- Re: Windows ports of Linux software bundling outdated libraries (Gajim / PyCurl) Jeffrey Walton (Jan 25)
- Re: Windows ports of Linux software bundling outdated libraries (Gajim / PyCurl) Adrien Nader (Jan 25)