First of all, fuck, RCE bad, this isn't good.
But I would be dishonest if I didn't admit that I am always extremely excited about these issues dropping as the world's largest Linux mirror operator. The traffic patterns when admins are desperately trying to find long forgotten servers and finally run "sudo dnf update" on them are fascinating.
-
Jan Wildeboer 😷:krulorange: replied to Kenneth Finnegan
@kwf I am always weary of people shouting "FIRE". As is said in the post (you didn't add ALT text ;), the devs have agreed with a public disclosure. Knowing my security people at Red Hat, that happened for reasons. So yes, I also look forward to the disclosure. And my gut feeling is that it won't be the catastrophic thing that the OP wants it to be.
-
Kenneth Finnegan replied to Jan Wildeboer 😷:krulorange:
@jwildeboer I linked to the post right there.
-
Jan Wildeboer 😷:krulorange: replied to Kenneth Finnegan
@kwf (that doesn't make your screenshot accessible) Which says, in one of the replies:
-
Jan Wildeboer 😷:krulorange: replied to Jan Wildeboer 😷:krulorange:
@kwf Which is definitely telling me a lot about how the communication went. The better way, the Open Source way, would have been: "Here's a problem, here's a potential fix, how do we get it upstream?" But that good ole ethos seems to have been gone.
-
Kenneth Finnegan replied to Jan Wildeboer 😷:krulorange:
@jwildeboer lol. sure.
-
Jan Wildeboer 😷:krulorange: replied to Kenneth Finnegan
@kwf Let's wait for the disclosure, k?