[opensuse-factory] Please open bug #1103093
Hi Bugshare-Team, It is mentioned in gdm patch as security fix. I'd really like to know what vulnerability I have if I can not update for whatever reason. Best regards, -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 24/09/2018 16:02, Stefan Seyfried wrote:
Hi Bugshare-Team,
It is mentioned in gdm patch as security fix. I'd really like to know what vulnerability I have if I can not update for whatever reason.
Best regards,
Still working on permissions to open these properly, this wasn't created as a security bug so someone might have got the patchinfo wrong. The following was missing from /usr/share/gdm.schemas - <schema> - <!-- SUSE-specific --> - <key>daemon/SUSEPasswordlessEnable</key> - <signature>b</signature> - <default>false</default> - </schema> -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B
On Mon, 2018-09-24 at 08:32 +0200, Stefan Seyfried wrote:
I'd really like to know what vulnerability I have if I can not update for whatever reason. Out of curiosity - do you intend to CC Factory every time you request bug to be accessible to you? Also do you plan on doing so for all bugs that updates are being issued for?
I certainly hope that answer to both is no, else I will just unsubscribe from such cluttered mailing list. Cheers Martin
Am 24.09.18 um 09:24 schrieb Martin Pluskal:
On Mon, 2018-09-24 at 08:32 +0200, Stefan Seyfried wrote:
I'd really like to know what vulnerability I have if I can not update for whatever reason. Out of curiosity - do you intend to CC Factory every time you request bug to be accessible to you?
One minor correction -- I am request the bugs to be opened for *everyone*.
Also do you plan on doing so for all bugs that updates are being issued for?
The answer is "no" to both. However, I'll probably from time to time add factory (or -project, if this is deemed more appropriate) to CC if no progress is made to keep the awareness of the problem alive.
I certainly hope that answer to both is no, else I will just unsubscribe from such cluttered mailing list.
I certainly can see that for you this is not an issue, as you are able to see all these bugs AFAIK. But for community members who can't, this is an important issue, I just try to make sure it is not forgotten. But my still to be implemented "scan_all_updates_for_non-open_bugzilla_entries_and_mailbomb_bugshare.sh" script will certainly not set opensuse-factory on CC ;-) -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 24/09/2018 17:23, Stefan Seyfried wrote:
But my still to be implemented "scan_all_updates_for_non-open_bugzilla_entries_and_mailbomb_bugshare.sh" script will certainly not set opensuse-factory on CC ;-)
Its probably best that its still to be implemented because mostly all it would achieve is a new filter in my email client to ignore it. The purpose of bugshare was never to open everything, it was meant to be a work around to help when private bugs were blocking openSUSE or upstream development, the list is manned by a team of volunteers in there spare time. If you annoy those volunteers too much they will likely start ignoring you. As we stated when we created bugshare, this is just a temporary work around until SUSE can change there processes, given how many processes will need to change in this area as SUSE migrates away from Microfocus infra, this will likely happen as part of or after that migration. For now there is nothing else anyone can do, the board has raised this at a high level with SUSE engineering and we won't be able to do much else until they are in a position to do it better. -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B
On Mon, 24 Sep 2018 at 10:05, Simon Lees <sflees@suse.de> wrote:
On 24/09/2018 17:23, Stefan Seyfried wrote:
But my still to be implemented "scan_all_updates_for_non-open_bugzilla_entries_and_mailbomb_bugshare.sh" script will certainly not set opensuse-factory on CC ;-)
Its probably best that its still to be implemented because mostly all it would achieve is a new filter in my email client to ignore it. The purpose of bugshare was never to open everything, it was meant to be a work around to help when private bugs were blocking openSUSE or upstream development, the list is manned by a team of volunteers in there spare time. If you annoy those volunteers too much they will likely start ignoring you.
As we stated when we created bugshare, this is just a temporary work around until SUSE can change there processes, given how many processes will need to change in this area as SUSE migrates away from Microfocus infra, this will likely happen as part of or after that migration. For now there is nothing else anyone can do, the board has raised this at a high level with SUSE engineering and we won't be able to do much else until they are in a position to do it better.
Indeed, and to echo the sentiment of Michal Kubecek, Stefan's excessive behaviour on this topic has managed to sap my enthusiasm for helping in the totally voluntary bugshare effort. Without my help I expect things to be a little harder on the remaining volunteers, but I hope with a greater stubbornness and/or time to deal with such excesses than I, the efforts they're doing here should still be able to benefit the Project. - Rich -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Hi seife, If you already know something is a closed security bug, feel free to directly email security@suse.de Ciao, Marcus On Mon, Sep 24, 2018 at 08:32:47AM +0200, Stefan Seyfried wrote:
Hi Bugshare-Team,
It is mentioned in gdm patch as security fix. I'd really like to know what vulnerability I have if I can not update for whatever reason.
Best regards, -- Stefan Seyfried
"For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-- Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <meissner@suse.de> -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (5)
-
Marcus Meissner
-
Martin Pluskal
-
Richard Brown
-
Simon Lees
-
Stefan Seyfried