Originally posted by duby229
View Post
Announcement
Collapse
No announcement yet.
X.Org Libraries Hit By Round Of Security Issues
Collapse
X
-
All opinions are my own not those of my employer if you know who they are.
-
Originally posted by duby229 View PostThe only issue that was brought to my attention that I don't have a good answer for is how best to propagate patches. I mean I really don't know. Even if a fix is made, but it is not distributed then the mere announcement of this vulnerability will inform the bad guys how to get in. So propagating these security patches is critical.
And while there's a massive pile of patches here, it's not that massive of a hole - the primary risk is if you have users on your Linux/Unix box that you trust to run programs but not to have root on the box. This isn't a "anyone who can open a TCP connection to your box owns you now" sort of hole (at least not in any scenario we've thought of - unfortunately with lower-level library code, we don't know all the ways programs may be using it).
Comment
-
Originally posted by BO$$ View PostArch? Gentoo? Hard sell to people who don't see the OS as an end in itself.All opinions are my own not those of my employer if you know who they are.
Comment
-
-
Kill X with fire and focus the same amount of effort in making Wayland a reality. How many man-years are wasted on patching up X, which is a technology dating back as long as most people here have been alive?
After the worst legacy stack (x) is replaced, maybe the community can get together and write a replacement for glibc, which is by this point the second most legacy&defect by design stack in use almost everywhere.
Comment
-
Running Debian Squeeze (oldstable) and they were available pretty quick.
@varikonniemi: Consider this comment (quoted without attribution in van Sprundel's presentation), and then consider that Wayland uses XKB, as do so many new projects:Shoot me now. And then shoot Daniels for not freeing us from XKB yet.
And then shoot anyone who volunteers to try to fix XKB, before it's too late for them too.
Comment
-
Originally posted by varikonniemi View PostKill X with fire and focus the same amount of effort in making Wayland a reality. How many man-years are wasted on patching up X, which is a technology dating back as long as most people here have been alive?
After the worst legacy stack (x) is replaced, maybe the community can get together and write a replacement for glibc, which is by this point the second most legacy&defect by design stack in use almost everywhere.
It may be old technology, but it's technology that's used by everybody running a GUI on Linux, BSD or Solaris.
Comment
-
Somewhat of a lacking analogy, since gasoline cars can not be run on electricity just by "figuring out an e->g converter". X on wayland is working pretty well in this day and age. Imagine what it could have been already, if wayland actually had a team of dedicated developers opposed to a few talents making it happen?
It sounds like wayland needed the manpower of ubuntu. Am i entirely misinformed if i say there are less than 5 people working full-time on wayland? That is like what you find in a mediocre iOS game development team. And here we are talking about making the next-gen Linux display server. It sounds really pathetic, yet one has to admire the technology they come up with. It takes a frickin' long time, but at least it is done right.
Comment
Comment