No subject
Sat Sep 24 00:49:04 UTC 2011
I'd be more concerned that Calibre bundles unrelated functionality
(duplicating what an OS should provide) that you quite possibly
wouldn't be expecting; that it's clearly been developed without
security concerns being taken into account from the start, despite the
developer knowing about the inherent risks in using setuid; that as
each security bug is reported the developer looks in each case to do
the minimum to identify and block that specific situation, rather than
switching to a wholesale way of being inherently more secure; that the
developer prioritizes minor convenience for users of ancient and
esoteric Linux distributions (being able to download Calibre from its
website and run it without having to install any other dependencies or
optional OS-provided packages) over being secure for all users; that
the developer thinks that security problems for some groups of users,
such as a university providing a computer lab of multi-user computers,
aren't important or worth mentioning, because they won't affect most
users; that the developer doesn't believe in security in depth --
being content to let Calibre enable users to perform certain actions
as root so long as exploiting them would also require bugs in some
other software; and that the developer is so rude and dismissive to
those reporting security issues.
Cheers
Smylers
--
http://twitter.com/Smylers2
More information about the Wylug-discuss
mailing list