You are not logged in.

#26 2008-02-18 18:00:42

jdhore
Member
From: NYC
Registered: 2007-08-01
Posts: 156

Re: Distrowatch weekly taking a dig at Arch

I was following this exploit VERY closely...Here's the timeline i was able to gather in my research:

Exploit Found -> Upstream kernel (Git ONLY) fix -> Arch Fix -> Gentoo Fix -> Debian Etch Fix -> Everyone else's fixes

Offline

#27 2008-02-18 20:35:35

jacko
Member
Registered: 2007-11-23
Posts: 840

Re: Distrowatch weekly taking a dig at Arch

distrowatch is wrong, we can all agree on that. I can remember that day and I can remember when I first heard about the exploit. It was later that night on irc. After hearing about the exploit I remember getting an update to kernel26 earlier in the day, I had a suspicion at that moment that the exploit was fixed in that update. It wasn't till the next day that I read the front page of arch and confirmed I was already in the clear as far as the vmsplice() exploit was concerned. U can't get much faster then that.

Offline

#28 2008-02-18 21:30:00

Romashka
Forum Fellow
Registered: 2005-12-07
Posts: 1,054

Re: Distrowatch weekly taking a dig at Arch

jdhore wrote:

I was following this exploit VERY closely...Here's the timeline i was able to gather in my research:

Exploit Found -> Upstream kernel (Git ONLY) fix -> Arch Fix -> Gentoo Fix -> Debian Etch Fix -> Everyone else's fixes

Not quite correct.
The patch we used was not the same as applied to mainstream git later.
We've patched our kernel with the first patch that fixed the security hole, while mainstream applied a slightly different patch later.
Comment #47 on that DistroWatch Weekly issue says that Gentoo fixed it sooner, but this is only because we had some issues with our main server at that time. tongue


to live is to die

Offline

#29 2008-02-18 21:30:17

wuischke
Member
From: Suisse Romande
Registered: 2007-01-06
Posts: 630

Re: Distrowatch weekly taking a dig at Arch

Please, no childish posting in the comments. Some comments were very well written and objective, whilst others made me embarrased to be a part of the Arch community.

Offline

#30 2008-02-19 06:09:52

Mandor
Member
Registered: 2006-06-06
Posts: 154

Re: Distrowatch weekly taking a dig at Arch

I think that Ladislav has some view on what Linux distros should be like and he is trying to popularize that view. It seems that he finds necessary that more people use Linux and all distros should aim at that - mostly that all distros should be easy for new users, and keep them from shooting in their legs (even though all attempts for that to date have failed). While this is not the view of many people (including me), I think that we should not pay much attention to his editorials and argue. Let not Arch be the next Gentoo...


If everything else fails, read the manual.

Offline

Board footer

Powered by FluxBB