Re: [opensuse-project] Pro-active security announcement question

On Fri, 2013-01-25 at 16:26 +0100, Marcus Meissner wrote:

On Fri, Jan 25, 2013 at 10:20:21AM -0500, Greg Freemyer wrote:

...

On Fri, Jan 25, 2013 at 10:07 AM, Marcus Meissner wrote:

...

On Fri, Jan 25, 2013 at 10:03:21AM -0500, Greg Freemyer wrote:

...

Marcus,

I just became aware of a data loss bug for all win8 / opensuse dual booters.

The only "fix" is for users to turn off a new win8 feature. As the ntfs-3g maintainer, I will try to incorporate the patch that blocks mounting of ntfs / fat filesystems if the feature is found to be in use, but that is just a stop gap solution to stop users from shooting themselves. Again, the only real solution is for users to disable the feature in win8.

Is there a way to announce that now instead of waiting for a ntfs-3g security patch?

It is not a security issue, even though it is a critical bug.

"security issue" would mean that an attacker could cause damage by doing something unintended.

This seems intended breakage.

But yes, we should put out updates that somehow detect this and refuse to mount the fs if present.

The question still stands. Is there a pro-active way to announce this to opensuse users other than waiting a for a update that only detects the problem and hopefully advises the user to disable the feature in win8.

In a mail to the opensuse-announce list, or a news article on news.opensuse.org or so.

Ciao, Marcus

Those are low-hanging fruit outlets which would certainly work for those who follow openSUSE in some way. However, I don't think there is a more aggressive way that can reach the many thousands who use openSUSE but do not follow any news outlet. And I doubt there will ever be a way, short of a pop-up window on your system, which I don't think is the route we want to go. Bryen -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org