On Tue, 14 Dec 2004 10:27:50 +0000, Tim Waugh <twaugh@xxxxxxxxxx> wrote: > On Mon, Dec 13, 2004 at 08:18:37PM -0600, Steve Bergman wrote: > > > I'm interested to know what the reasons were for switching from TightVNC > > to RealVNC. I know that earlier versions of RedHat/Fedora Linux used > > TightVNC, but now RealVNC seems to have replaced it. > > The original VNC is X-based, that is to say you need an X tree to > build it inside. In Fedora Core 3 we ship RealVNC built against > xorg-x11-6.8.1. If a security problem is discovered in xorg-x11, and > that problem affects the VNC modules built against it, it is a simple > matter to apply the patch and rebuild the VNC package. The xorg-x11 > project is actively maintained. > > The TightVNC project, on the other hand, is still based on XFree86 > 3.3.x (not even 4.x). As I understand it, there *are* security > problems in that release, they remain unfixed, and will continue to > remain unfixed. XFree86 3.3.x is not undergoing any maintenance. > > So it's a simple choice really. > > I spoke to the TightVNC maintainer a while ago asking when he would > port to a newer X base, and he said it was on his to-do list -- but > until that happens, we can't really ship such an old version of the X > code that it builds against. > Is this just the daemon or is the tightvnc viewer a problem as well? -- Leonard Isham, CISSP Ostendo non ostento.
