Update blog systemd Insecurity to version 3.1.0.13.
This commit is contained in:
commit
ceed8400d4
SSH Key Fingerprint:
SHA256:9Pl0nZ2UJacgm+IeEtLSZ4FOESgP1eKCtRflfPfdX9M
@ -5,7 +5,7 @@
|
||||
<!-- Copyright 2022-2023 Jake Winters -->
|
||||
<!-- SPDX-License-Identifier: BSD-3-Clause-Clear -->
|
||||
|
||||
<!-- Version: 2.0.0.11 -->
|
||||
<!-- Version: 3.1.0.13 -->
|
||||
|
||||
|
||||
<html>
|
||||
@ -33,6 +33,9 @@
|
||||
<body>
|
||||
<h1>Blog - #1</h1>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
|
||||
<h2>systemd Insecurity</h2>
|
||||
<br>
|
||||
<p class="update_date">Posted: 2022-01-29 (UTC+00:00)</p>
|
||||
@ -40,11 +43,31 @@
|
||||
<br>
|
||||
<br>
|
||||
|
||||
<!-- Table of contents. -->
|
||||
<h2 id="toc"><a href="#toc" class="h2"
|
||||
>Table of Contents<a/></h2>
|
||||
<ul>
|
||||
<li><a href="#issue0" class="body-link"
|
||||
>Issue #0 - Against CVE Assignment</a></li>
|
||||
<li><a href="#issue1" class="body-link"
|
||||
>Issue #1 - CVEs Are Not Useful</a></li>
|
||||
<li><a href="#issue2" class="body-link"
|
||||
>Issue #2 - Security is a Circus</a></li>
|
||||
<li><a href="#issue3" class="body-link"
|
||||
>Issue #3 - Blaming the User</a></li>
|
||||
</ul>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
|
||||
<p>Anyone who cares about security may want to switch from systemd as soon as possible; its lead
|
||||
developer doesn't care about your security at all.</p>
|
||||
<br>
|
||||
<br>
|
||||
<h3>Issue #0 - Against CVE Assignment</h3>
|
||||
<br>
|
||||
|
||||
<h2 id="issue0"><a href="#issue0" class="h2"
|
||||
>Issue #0 - Against CVE Assignment</a></h2>
|
||||
<br>
|
||||
<p>Poettering:<br>
|
||||
"You don't assign CVEs to every single random bugfix we do, do you?"</p>
|
||||
@ -58,7 +81,9 @@ Yes, if they're security-related.</p>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
<h3>Issue #1 - CVEs Are Not Useful</h3>
|
||||
|
||||
<h2 id="issue1"><a href="#issue1" class="h2"
|
||||
>Issue #1 - CVEs Are Not Useful</a></h2>
|
||||
<br>
|
||||
<p>Poettering:<br>
|
||||
"Humpf, I am not convinced this is the right way to announce this. We never did that, and half the
|
||||
@ -77,7 +102,9 @@ same.</p>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
<h3>Issue #2 - Security is a Circus</h3>
|
||||
|
||||
<h2 id="issue2"><a href="#issue2" class="h2">
|
||||
Issue #2 - Security is a Circus</a></h2>
|
||||
<br>
|
||||
<p>Poettering:<br>
|
||||
"I am not sure I buy enough into the security circus to do that though for any minor issue..."</p>
|
||||
@ -88,7 +115,9 @@ same.</p>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
<h3>Issue #3 - Blaming the User</h3>
|
||||
|
||||
<h2 id="issue3"><a href="#issue3" class="h2"
|
||||
>Issue #3 - Blaming the User</a></h2>
|
||||
<br>
|
||||
<p>Poettering:<br>
|
||||
"Yes, as you found out "0day" is not a valid username. I wonder which tool permitted you to create
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user