Bug#727708: systemd (security) bugs

[Russ Allbery <rra@debian.org>]

Ian Jackson <ijackson@chiark.greenend.org.uk> writes:
> Russ Allbery writes ("Re: Bug#727708: systemd (security) bugs"):

>> Another point here is that it's sounding like we'll be using a lot of
>> those services regardless, at least on systems that need them, which
>> means that their security track record and bug rate is somewhat
>> irrelevant for this discussion provided that running systemd doesn't
>> force them to be running on systems that don't need them.  [...]

> I don't think that's entirely true.  I think it is fair to look at the
> security history of other parts of the same project as indicative
> regarding code quality.

Oh, sure, I do understand that part.  But when trying to draw inferences
there, it's also important to realize that several of those components
were amalgamated after the fact and had different original authors.
systemd is quite the large tent project right now.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>