| 1 |
2010/10/28 Pavel Labushev <p.labushev@×××××.com> |
| 2 |
|
| 3 |
> > I didn't test that patch; even if it's incorrect, bugreport is not about |
| 4 |
> > a patch. It's about a security issue. |
| 5 |
> |
| 6 |
> Well, the bug report is about the patch. There's another bug about the |
| 7 |
> issues with LD_AUDIT: https://bugs.gentoo.org/show_bug.cgi?id=341755 |
| 8 |
> |
| 9 |
|
| 10 |
"The beat goes on! Nothings wrong!...". Tell me - If app have bug - like |
| 11 |
"calc" ;) app in KDE - who uses it? Developers will not patch app because |
| 12 |
it's less then 1% users that use it in KDE? I don't think so. Even if it's |
| 13 |
lower priority patch i think it should be included in mainstream. It's like |
| 14 |
buying a car, that closes by remote but 1% of users will still use key for |
| 15 |
central lock - ups! None included? Service: "Sorry! That's not mainstream |
| 16 |
;). You must install it by Yourself" :]. |
| 17 |
|
| 18 |
|
| 19 |
> |
| 20 |
> > This proof-of-concept exploit still works in gentoo (amd64 stable at |
| 21 |
> least, |
| 22 |
> > even hardened!), because some dangerous variables are not filtered out. |
| 23 |
> |
| 24 |
> It still works because glibc-2.11.2-r2 with the fix is still keyworded |
| 25 |
> (yeah, epic fail goes on). |
| 26 |
> |
| 27 |
> |
| 28 |
Let's keyword everything, push "da blocks, man!" on every package and this |
| 29 |
will be most secured distro :>. Great Job! :) |
| 30 |
|
| 31 |
I think, that Gentoo Devs forget about something more important in today's |
| 32 |
world - USABILITY. The "normal" user without "extra abilities" will not |
| 33 |
Patch anything because he don't even know what PATCH is. Developers have |
| 34 |
those users TOO on Gentoo. This is strenght of Mandriva, Debian-like distros |
| 35 |
(Ubuntu line specialy). Users click and software works, it upgrades and if |
| 36 |
bug is get the patch is downloaded with latest update. Tell mister "Marian" |
| 37 |
from accounting that he must PATCH something. I like that kind of face look |
| 38 |
of that people after saying that Junk -> :] "Yeah! Sure... What icon should |
| 39 |
I press in My "K" Menu?". |
| 40 |
|
| 41 |
Devs should include patches in mainstream even if it's less prior patch. |
| 42 |
Why? Because it takes about 2-10 (knowledge level) minutes extra and drops |
| 43 |
discussions like this one. 10 Minutes extra VS silence - i think it's fair |
| 44 |
:). |
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
-- |
| 49 |
Mateusz Mierzwiński |
| 50 |
|
| 51 |
Bluebox Software [PL] |
| 52 |
Neural Networks, Artificial Perception and Artificial Intelligence projects |
| 53 |
coordinator |
Archives