2010/10/28 Pavel Labushev <p.labushev@×××××.com>

> > I didn't test that patch; even if it's incorrect, bugreport is not about
> > a patch. It's about a security issue.
>
> Well, the bug report is about the patch. There's another bug about the
> issues with LD_AUDIT: https://bugs.gentoo.org/show_bug.cgi?id=341755
>

"The beat goes on! Nothing's wrong!...". Tell me - If app has bug - like
"calc" ;) app in KDE - who uses it? Developers will not patch app because
it's less than 1% users that use it in KDE? I don't think so. Even if it's
lower priority patch I think it should be included in mainstream. It's like
buying a car, that closes by remote but 1% of users will still use key for
central lock - oops! None included? Service: "Sorry! That's not mainstream
;). You must install it by Yourself" :].

>
> > This proof-of-concept exploit still works in gentoo (amd64 stable at least,
> > even hardened!), because some dangerous variables are not filtered out.
>
> It still works because glibc-2.11.2-r2 with the fix is still keyworded
> (yeah, epic fail goes on).
>
>
Let's keyword everything, push "da blocks, man!" on every package and this
will be most secured distro :>. Great Job! :)

I think, that Gentoo Devs forget about something more important in today's
world - USABILITY. The "normal" user without "extra abilities" will not
Patch anything because he doesn't even know what PATCH is. Developers have
those users TOO on Gentoo. This is strength of Mandriva, Debian-like distros
(Ubuntu line specially). Users click and software works, it upgrades and if
bug is get the patch is downloaded with latest update. Tell mister "Marian"
from accounting that he must PATCH something. I like that kind of face look
of those people after saying that Junk -> :] "Yeah! Sure... What icon should
I press in My "K" Menu?".

Devs should include patches in mainstream even if it's less prior patch.
Why? Because it takes about 2-10 (knowledge level) minutes extra and drops
discussions like this one. 10 Minutes extra VS silence - I think it's fair
:).

--
Mateusz Mierzwiński

Bluebox Software [PL]
Neural Networks, Artificial Perception and Artificial Intelligence projects
coordinator