Announcement

Collapse
No announcement yet.

The XMir Security Issue Should Now Be Resolved

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by mjg59 View Post
    What is? The commit Michael references as fixing the problem is in the Mir libraries that I'm running.
    Can some one say Oops lol

    Comment


    • #12
      No thanks

      Originally posted by LinuxGamer View Post
      "Should Be Resolved" but any ways, it was good you posted the, Article on XMir security issue's keep them coming to let users know a head of time it was shame they did not have a huge hole like this in there wiki or letting the users know a head of time
      Yeah... we want all the security related regressions, in every software project there is, on every possible moment...

      because thats interesting for... I don't know ... just "keep them coming to let users know a head of time"

      Comment


      • #13
        Originally posted by tmpdir View Post
        Yeah... we want all the security related regressions, in every software project there is, on every possible moment...

        because thats interesting for... I don't know ... just "keep them coming to let users know a head of time"
        It's funny how developers did acknowledge they need to put more warnings in several places (they stated there are several bugs filed where the user started testing an alpha release without having an idea of how to restore their systems if they lose the ability to boot) but some users are still on denial of this fact. You need to warn users of the risk of testing bleeding edge software, specially with a distro supposed to be newbie friendly: newbies don't always know beforehand such things. An experienced user will probably check the bug tracker by its own, but a newbie wouldn't know. Of course, as they acknowledge it, they did put more warnings in some places, like the wiki. Stating most of the issues. Also, knowing ahead of time is a way to make an informed decision about being ready for testing.

        Comment


        • #14
          [QUOTE=andydread;352868]
          Originally posted by LinuxGamer View Post
          "Should Be Resolved" but any ways, it was good you posted the, Article on XMir security issue's keep them coming to let users know a head of time it was shame they did not have a huge hole like this in there wiki or letting the users know a head of time

          --snip

          This software is not currently enabled in any distributed version of Ubuntu. So no. Its not a "shame" Is it a shame that the CONFIG_PERF_EVENTS MASSIVE hole was left in the Linux kernel for 2 whole years and distributed to world+dog and when they supposedly "patched" the gaping hole 4 months ago they failed to mention the criticality of this bug? is that a "shame"?
          Yes it was and You had to compile the kernel with the CONFIG_PERF_EVENTS and it was well known by Developers/Hackers you can use unsafe flags today to compile the kernel or BSD and you don't want Noob's Jumpping in to Testing Unsafe Software remember the Mir wiki is miss leading in this case to newb's

          Comment

          Working...
          X