At least we can see the code and the fuckups freely... Unlike with some OSes...<br><br><div class="gmail_quote">On Sun, Nov 6, 2011 at 1:56 AM, Leon Kaiser <span dir="ltr">&lt;<a href="mailto:literalka@gmail.com">literalka@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><u></u>
<div>
Of course I couldn't resist!<div class="im"><br>
<table width="100%" cellpadding="0" cellspacing="0">
<tbody><tr>
<td>
-- <br>
<tt><font color="#000000">========================================================</font></tt><br>
<b><tt>Leon Kaiser</tt></b><tt> - Head of GNAA Public Relations -</tt><br>
<tt> <a href="mailto:literalka@gnaa.eu" target="_blank">literalka@gnaa.eu</a> || <a href="mailto:literalka@goatse.fr" target="_blank">literalka@goatse.fr</a></tt><br>
<tt> <a href="http://gnaa.eu/" target="_blank">http://gnaa.eu</a> || <a href="http://security.goatse.fr" target="_blank">http://security.goatse.fr</a></tt><br>
<tt> <a href="http://pgp.mit.edu:11371/pks/lookup?op=vindex&fingerprint=on&search=0x459111CEF01F9923" target="_blank">7BEECD8D FCBED526 F7960173 459111CE F01F9923</a></tt><br>
<tt>"The mask of anonymity is not intensely constructive."</tt><br>
<tt> -- Andrew "weev" Auernheimer</tt><br>
<tt><font color="#000000">========================================================</font></tt> <br>
<br>
</td>
</tr>
</tbody></table></div><div><div></div><div class="h5">
On Sun, 2011-11-06 at 12:49 +1100, Jeremy Visser wrote:
<blockquote type="CITE">
<pre>On 05/11/2011, at 18:24, Leon Kaiser wrote:
> The flagrant disregard for his userbase is disgusting! I just uninstalled calibre.
> <a href="https://bugs.launchpad.net/calibre/+bug/885027/comments/90" target="_blank">https://bugs.launchpad.net/calibre/+bug/885027/comments/90</a>
> sudo apt-get remove calibre
The comment and "patch" you posted show you clearly did not read the comments in the bug report.
Ubuntu has already had the bug fixed, because they use a safe udev-based hook. The vulnerability only applies to those who have installed Calibre from source. So "apt-get remove calibre" is a pretty naïve comment to make, but you couldn't resist the bashing, could you?
The reason why he's reinvented the wheel writing the insecure calibre-mount-helper daemon is because there is no platform-agnostic solution for auto-mounting.
Modern Linux distros need a udev hook, older ones need a HAL-based hook, BSD needs HAL, and who knows what everyone else needs.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a>
Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a>
</pre>
</blockquote>
</div></div></div>
</blockquote></div><br><br clear="all"><br>-- <br><a href="http://compsoc.nuigalway.ie/%7Einfodox" target="_blank">My Homepage :D</a><br>
<br>