Perhaps I'm slightly weird, but I find the "fix" far more worrisome than the original bug.
The original bug was a security bug, plain and simple. Not good, but understandable given the schedules Canonical is working to.
The "fix" does not actually solve the bug; it just hides it, so that it's harder to hit. If this is how security bugs in Mir proper (not just XMir) are going to be treated, then I'm not going to use it - one thing I've seen throughout my career is that if you convert a security bug to a race condition, the black hats just work out how to win the race.
Power management, mobile and firmware developer on Linux. Security developer at nvidia. Ex-biologist. Content here should not be interpreted as the opinion of my employer. Also on Mastodon and Bluesky.
Re: malicious xscreensaver getting your passwd, vs malicious mir-hog getting your passwd
Date: 2013-10-03 06:18 pm (UTC)