Mailinglist Archive: opensuse-project (73 mails)

< Previous Next >
Re: [opensuse-project] Pro-active security announcement question
  • From: Bryen M Yunashko <suserocks@xxxxxxxxx>
  • Date: Fri, 25 Jan 2013 11:42:15 -0600
  • Message-id: <1359135735.1970.58.camel@linux-sl6g>
On Fri, 2013-01-25 at 16:26 +0100, Marcus Meissner wrote:
On Fri, Jan 25, 2013 at 10:20:21AM -0500, Greg Freemyer wrote:
On Fri, Jan 25, 2013 at 10:07 AM, Marcus Meissner <meissner@xxxxxxx> wrote:
On Fri, Jan 25, 2013 at 10:03:21AM -0500, Greg Freemyer wrote:
Marcus,

I just became aware of a data loss bug for all win8 / opensuse dual
booters.

The only "fix" is for users to turn off a new win8 feature. As the
ntfs-3g maintainer, I will try to incorporate the patch that blocks
mounting of ntfs / fat filesystems if the feature is found to be in
use, but that is just a stop gap solution to stop users from shooting
themselves. Again, the only real solution is for users to disable the
feature in win8.

Is there a way to announce that now instead of waiting for a ntfs-3g
security patch?

It is not a security issue, even though it is a critical bug.

"security issue" would mean that an attacker could cause damage
by doing something unintended.

This seems intended breakage.


But yes, we should put out updates that somehow detect this and refuse
to mount the fs if present.

The question still stands. Is there a pro-active way to announce this
to opensuse users other than waiting a for a update that only detects
the problem and hopefully advises the user to disable the feature in
win8.

In a mail to the opensuse-announce list, or a news article on
news.opensuse.org
or so.

Ciao, Marcus

Those are low-hanging fruit outlets which would certainly work for those
who follow openSUSE in some way. However, I don't think there is a more
aggressive way that can reach the many thousands who use openSUSE but do
not follow any news outlet. And I doubt there will ever be a way,
short of a pop-up window on your system, which I don't think is the
route we want to go.

Bryen


--
To unsubscribe, e-mail: opensuse-project+unsubscribe@xxxxxxxxxxxx
To contact the owner, email: opensuse-project+owner@xxxxxxxxxxxx

< Previous Next >