get rid of gstreamer-0.10 series, for a start, but that will never happen with Fedora

Please link to the bug that fulfills the criteria:
"If a CRITICAL or IMPORTANT security issue is currently open against a package, or a security issue of lower severity has been open for at least 6 months."

Fedora tried to get rid of that gstreamer series some releases ago due to security issues witrh it. , afaik though they cant drop it due to other packagesa depending on that gstreamer series , ( soundconverter 3.0.0 ) should no longer depend on gstreamer0-10 series where as the previous ones did. , there was something said about why gstreamer0-10 series in i think the devel-mailing list. but all you'd have to do is check in dnf what packages still depend on gstreamer0-10.

here is the list https://lists.fedoraproject.org/arch...E7JPR47UQABAV/

Your link makes reference to one vulnerability, which has been fixed.


Try again.

They need to ditch pycrypto, which is bug-ridden and unmaintained.


There is already pycryptodomex, which is unfortunately installed in parallel. They need to replace it entirely with pycryptodome (without -x).

See guys? finite9 you might be interested in this. From the other thread about why flatpak is needed and why the current distro packaging sucks, this is the perfect proof.

No, it's not about these packages and it's not about the security implications at all that I'm speaking about. It's a far broader point: packages of your application (basically, your app's distribution itself) get dropped at the decision of someone else. That's why it's not sane and no dev wants it.

If they do this, surely they can find tons of other reasons to drop anything else, without the application author having a say whatsoever.


Unfortunately I just realized that ELF is so bad and broken that not even flatpak can save it in some cases. Think of running a DAW like Reaper on Linux, which uses GTK3. Let's say you have flatpak with Reaper and all is well. Now try loading a GTK2 plugin in it.

Nope, not gonna happen, because of ELF. Running Reaper in Wine solves this completely. Windows has no such issue, neither does Wine, because they both use something sane called PE/COFF/DLLs.

There's nothing flatpak can do about it. At this point, ELF needs to get scrapped and Linux either needs to support DLLs, or FORCEFULLY demand that all libraries use symbol versioning.

First time I've ever seen DLLs called "sane".

This is so warped, delusional, and misinformed that all I can do is roll my eyes and move on.

You don't need Flatpak or Snap or some other similar technology to distribute your own software, you can do that using the existing package management systems, and several software projects have been doing that for a very long time.

This has nothing to do with ELF vs. PE/COFF.

Also, why does Reaper let plugins load/use their own GUI library into the same process? That seems like a bad design…
And Reaper seems to use its own GUI library and not Gtk for its main window?