
> Igor is not someone who seems to take security seriously.

On this we agree. The question is, how seriously does security deserve to be taken in this case?

The evidence suggests not very seriously at all. As horrifically insecure as 7z is by your metrics, I can't think of a single incident of it ever ruining anyone's day, unlike a lot of modern software that manages to do that while supposedly being "secure" and functioning "correctly".



> On this we agree. The question is, how seriously does security deserve to be taken in this case?

Well, consider exactly what 7-zip is: it's a plugin to explorer.exe that will always be running. It's embedded into your "right click" button and is running at all times.

Any code that takes over 7-zip can take over explorer.exe on your typical use of 7-zip. I personally think its position as an explorer.exe plugin demands some kind of security posture.


That isn't how explorer's right-click context menu works. It's basically just a list of file extension pattern matches in the registry and command line to call when they're clicked:

  [HKEY_CLASSES_ROOT\7-Zip.7z\shell\open\command]
  @="\"C:\\Program Files\\7-Zip\\7zFM.exe\" \"%1\""
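
Added example, not part of the comment above: a small Python parser for `.reg` export text that lists, for each `shell\<verb>\command` key, the executable the verb starts and whether the `%1` file-path placeholder is quoted. The first sample key is the one quoted in the comment; the `Example.File` key, `viewer.exe` and the function names are constructed for illustration.

```python
import re

# Constructed sample input. First key: the entry quoted in the comment.
# Second key: a made-up entry with an unquoted %1, for contrast.
SAMPLE_REG = r'''
[HKEY_CLASSES_ROOT\7-Zip.7z\shell\open\command]
@="\"C:\\Program Files\\7-Zip\\7zFM.exe\" \"%1\""

[HKEY_CLASSES_ROOT\Example.File\shell\open\command]
@="C:\\Tools\\viewer.exe %1"
'''

# Matches <root>\<ProgID>\shell\<verb>\command key headers.
KEY_RE = re.compile(r'^\[[^\\]+\\(?P<progid>.+?)\\shell\\(?P<verb>[^\\]+)\\command\]$', re.I)
# Matches the key's default value: @="..."
DEFAULT_RE = re.compile(r'^@="(?P<val>.*)"$')

def unescape_reg(value):
    """Undo .reg string escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(["\\])', r'\1', value)

def split_command(cmd):
    """Split a command line into (executable, remaining arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    # Unquoted executable: take everything up to the first space.
    exe, _, rest = cmd.partition(' ')
    return exe, rest.strip()

def parse_verbs(reg_text):
    """Return one dict per shell verb command found in the export text."""
    verbs, current = [], None
    for line in (l.strip() for l in reg_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            current = (key['progid'], key['verb'])
        elif line.startswith('['):
            current = None  # some other key; ignore its values
        elif current and DEFAULT_RE.match(line):
            cmd = unescape_reg(DEFAULT_RE.match(line)['val'])
            exe, args = split_command(cmd)
            verbs.append({'progid': current[0], 'verb': current[1],
                          'exe': exe, 'args': args,
                          'arg_quoted': '"%1"' in args})
    return verbs

if __name__ == '__main__':
    for v in parse_verbs(SAMPLE_REG):
        print(v['progid'], v['verb'], v['exe'], 'quoted' if v['arg_quoted'] else 'UNQUOTED %1')
```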



