Böck: Multiple vulnerabilities in RPM – and a rant

Hanno Bick performed some fuzz testing on the dpkg and RPM package managersand reported the results; it seems that oneof the projects has been rather more responsive than the other infixing these issues. "The development process of RPM seems to betotally chaotic, it's neither clear where one reports bugs nor where onegets the latest code and security bugs don't get fixed within a reasonabletime. There's been some recent events that make me feel especially worriedabout this..." It seems that some of the maintenance issues withRPM may not have improved greatly since they were reported here ten years ago.