RE: Ilfak's WMF patch

["Larry Seltzer" <larry () larryseltzer com>]

Bear in mind that this patch does explicitly break functionality and even
Ilfak says that when a real patch is available you should uninstall his. 

The real question here is whether there is any legitimate use, let alone
significant legitimate use, of the broken functionality out in the real
world. The people who are "testing" and endorsing this patch aren't exactly
running large test suites of real software through it. For all we know there
are important graphics programs that are broken by it, and I think Ilfak is
cautious on this point.

I'm getting ready to write about this myself and I'm thinking of saying that
in the interim I'm only really concerned with whether a) it's effective and
b) the uninstall works properly. If (a&b) then it's probably a good idea at
least to test the patch in order to see if it breaks your applications. By
tomorrow morning if I see no reports of problems I'll be satisfied enough of
b and every report so far tells me a is true, although I'd like to see more
organized testing.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com 


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.