From: D-Nice <D-Nice@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: apvlv: update to 0.2.0
Date: Tue, 22 Dec 2020 21:25:15 +0100 [thread overview]
Message-ID: <20201222202515.Vf-G4SnCeHQ1HeMO30Jet3YhHLqgsddRlgRV25BDehE@z> (raw)
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-27312@inbox.vuxu.org>
[-- Attachment #1: Type: text/plain, Size: 3248 bytes --]
New comment by D-Nice on void-packages repository
https://github.com/void-linux/void-packages/pull/27312#issuecomment-749759377
Comment:
@ericonr There's none necessarily with active CVEs, I'm just surprised if a major version change, really requires 21 dependencies compared to the last, in which case I mentioned what the best solution for me would be then, probably hold for a bit and remove it.
For posterity, here are all the new dependencies the apparent update from apvlv 0.1.5_8 to 0.2.0_1 requires:
```
bubblewrap install - 0.4.1_2 29KB
xdg-dbus-proxy install - 0.1.2_1 20KB
gsettings-desktop-schemas install - 3.38.0_1 710KB
libproxy install - 0.4.15_1 -
glib-networking install - 2.66.0_1 127KB
libpsl install - 0.21.1_1 60KB
brotli install - 1.0.9_2 384KB
libsoup install - 2.72.0_1 334KB
libwoff2common1.0.2 install - 1.0.2_1 4072B
libwoff2dec1.0.2 install - 1.0.2_1 19KB
gstreamer1 install - 1.16.2_1 1131KB
libcdparanoia install - 10.2_14 39KB
libvisual install - 0.4.0_9 -
graphene install - 1.10.2_1 58KB
gst-plugins-base1 install - 1.16.2_2 2141KB
libhunspell1.7 install - 1.7.0_2 133KB
enchant install - 1.6.0_8 30KB
hyphen install - 2.8.8_2 49KB
webkit2gtk install - 2.30.4_1 24MB
libzip install - 1.7.3_1 82KB
ebook-tools install - 0.2.2_3 21KB
```
And there's a bunch here with a history of CVEs, which isn't worth having on my system for a single app, just as a personal philosophy and security practice:
https://www.cvedetails.com/vulnerability-list/vendor_id-283/product_id-16275/Gnome-Glib.html
https://www.cvedetails.com/vulnerability-list/vendor_id-283/product_id-21096/Gnome-Libsoup.html
https://www.cvedetails.com/vulnerability-list/vendor_id-9481/Gstreamer.html
https://www.cvedetails.com/vulnerability-list/vendor_id-11350/Webkitgtk.html
I am a user for the underlying minimalism potential the distro (void) provides, albeit I understand the current direction isn't necessarily one of minimalism, but I think it would be a preferred practice to not just pull in a whole bunch of dependencies unless strictly necessary, which I am not aware if that is or isn't the case here. If it in fact is, then I just need to find a more minimalist alternative to apvlv, and end of discussion.
next prev parent reply other threads:[~2020-12-22 20:25 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-20 20:14 [PR PATCH] " logenkain
2020-12-20 21:01 ` ericonr
2020-12-20 21:41 ` [PR PATCH] [Merged]: " ericonr
2020-12-22 1:06 ` D-Nice
2020-12-22 1:43 ` ericonr
2020-12-22 20:25 ` D-Nice [this message]
2020-12-22 20:29 ` ahesford
2020-12-22 20:35 ` ericonr
2020-12-22 21:39 ` D-Nice
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201222202515.Vf-G4SnCeHQ1HeMO30Jet3YhHLqgsddRlgRV25BDehE@z \
--to=d-nice@users.noreply.github.com \
--cc=ml@inbox.vuxu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).