SocialJusticeHeals

joined 2 years ago

@TheBaldness
For apps that Apple controls that may be fine, but most people do not get their apps from a single vendor and not all vendors are fast at pushing updates.

[–] SocialJusticeHeals@mastodon.social 6 points 1 year ago (2 children)

@TheBaldness
When you bundle everything for an app inside a self-contained directory, it's no different than static linking a binary.

An exploit in a library the package links against means that application is still vulnerable even if the same library on the operating system has been updated to fix the security flaw.

[–] SocialJusticeHeals@mastodon.social 5 points 1 year ago (4 children)

@TheBaldness
No. Static libraries are a security risk.
@wet_lettuce

[–] SocialJusticeHeals@mastodon.social 8 points 1 year ago (2 children)

@wet_lettuce
Should be /etc or /usr/local/etc or /opt/etc or /opt/vendor/product/etc or ~/etc.

With some exceptions for historic compatibility (like ~/.bashrc)

The man page should specify where.