Whether it's the security list or the social list or the arm list or the
marketing, people should know. We've got way too much fragmentation in my
opinion.
I didn't know until last night.
And the article in the original email of this thread is very vague.
Maybe we should have some kind of "fedora-news" list for important topics
such as this instead of 50 specific "on topic" lists. I don't know.
It's
quite alarming and it feels like there is too much information to keep up
with to stay up to date.
--
So you guys on the security list knew about it for a week, does that mean
I should have been subscribed to the security list or just psychically know
about this cross platform security flaw that is huge, or subscribe to the
CVE mailing list, or read every single article on Slashdot?
The java hole is going to affect tons of people regardless of what OS their
on.
The hypocrisy is amazing sometimes.
Honestly, you sound like an Oracle/Sun employee trying to cover up a Java
flaw right now (I know you're not).. I really don't know what to think.
My main point here is people have a right to discuss any topic they feel
necessary. Yes, I agree with you: the ambassadors list probably wasn't the
right place for it, but I'm glad somebody sent something and I saw someone
bring it up in #Fedora otherwise I wouldn't have known.
Welcome to the information age.
Dan
On Mon, Sep 3, 2012 at 6:56 AM, Tristan Santore <
tristan.santore(a)internexusconnect.net> wrote:
On 03/09/12 14:52, Dan Mashal wrote:
> If you really think Fedora, or any other OS is bullet proof, you've got
> other issues.
>
> In fact in my original reply I said that this was a bunch of BS.
>
> Someone actually came in to #Fedora last night and mentioned the Java
> security flaw, which is an actual real flaw that is cross platform
> (Windows,OSX,Unix).
>
> Thanks,
> Dan
>
> On Mon, Sep 3, 2012 at 6:50 AM, Tristan Santore
> <tristan.santore(a)internexusconnect.net
> <mailto:tristan.santore@internexusconnect.net>> wrote:
>
> On 03/09/12 14:47, Dan Mashal wrote:
> > This is not a "bug" thread, it's a discussion thread.
> >
> > Yes, after updating to 1.7.0.7 open and closed jdk/jre 32/64bit
that
> > hole is closed.
> >
> > Thanks.
> >
> > Dan
> >
> > On Mon, Sep 3, 2012 at 6:46 AM, Tristan Santore
> > <tristan.santore(a)internexusconnect.net
> <mailto:tristan.santore@internexusconnect.net>
> > <mailto:tristan.santore@internexusconnect.net
> <mailto:tristan.santore@internexusconnect.net>>> wrote:
> >
> > On 03/09/12 11:39, Álvaro Castillo wrote:
> > > You see these is Java but free. On Java always exist bugs,
> exploits,
> > > trojans.... Difference Java Oracle between OpenJDK avoid one
is
> > > privative and other is free. Is speed fixing issues.
> > >
> > > On Sep 3, 2012 6:17 AM, "Dan Mashal"
<dan.mashal(a)gmail.com
> <mailto:dan.mashal@gmail.com>
> > <mailto:dan.mashal@gmail.com
<mailto:dan.mashal@gmail.com>>
> > > <mailto:dan.mashal@gmail.com
<mailto:dan.mashal@gmail.com>
> <mailto:dan.mashal@gmail.com <mailto:dan.mashal@gmail.com>>>>
wrote:
> > >
> > > I think this is a bigger deal:
> > >
> > >
https://bugzilla.redhat.com/show_bug.cgi?id=852051
> > >
> > > Dan
> > >
> > > On Sun, Sep 2, 2012 at 9:23 AM, Jon <jdisnard(a)gmail.com
> <mailto:jdisnard@gmail.com>
> > <mailto:jdisnard@gmail.com <mailto:jdisnard@gmail.com>>
> > > <mailto:jdisnard@gmail.com
<mailto:jdisnard@gmail.com>
> <mailto:jdisnard@gmail.com <mailto:jdisnard@gmail.com>>>>
wrote:
> > >
> > > I believe the OP was referring to this (?):
> > >
> > >
http://www.f-secure.com/weblog/archives/00002400.html
> > >
> > > It's from July, but I keep seeing the same news
> appear on
> > > different sites.
> > > I do believe they are all referring to the above
link.
> > > That is unless the kit has been taken, modified,
> adapted,
> > evolved,
> > > etc... into something new.
> > >
> > >
> > > Best regards,
> > > -Jon
> > >
> > >
> > >
> > >
> > > On Sun, Sep 2, 2012 at 6:26 AM, Dan Mashal
> > <dan.mashal(a)gmail.com <mailto:dan.mashal@gmail.com>
> <mailto:dan.mashal@gmail.com <mailto:dan.mashal@gmail.com>>
> > > <mailto:dan.mashal@gmail.com
> <mailto:dan.mashal@gmail.com>
> > <mailto:dan.mashal@gmail.com
<mailto:dan.mashal@gmail.com>>>>
> wrote:
> > > > Really the only ways to get in are the following:
> > > >
> > > > 1) CVEs on the packages in the stable repo
> > > > 2) Vulnerabilities in software such as web
browsers
> > > > 3) Sniffing unecnrypted data
> > > > 4) dictionary attacks
> > > > 5) network scanning/port vulnerabilities
> > > > 6) Pushing out fake updates with back doors.
> > > >
> > > > Again, that was the god old days.
> > > >
> > > > Dan
> > > >
> > > >
> > > > On Sun, Sep 2, 2012 at 4:22 AM, Álvaro Castillo
> > > <netsys(a)fedoraproject.org
> <mailto:netsys@fedoraproject.org>
> > <mailto:netsys@fedoraproject.org
> <mailto:netsys@fedoraproject.org>> <mailto:netsys@fedoraproject.org
> <mailto:netsys@fedoraproject.org>
> > <mailto:netsys@fedoraproject.org
> <mailto:netsys@fedoraproject.org>>>>
> > > > wrote:
> > > >>
> > > >> I think a lot vuln about DDos on kernel or
software
> > that can
> > > solved with
> > > >> update your system (built) patchs. And know
about
> Java too
> > > that can be
> > > >> opened door for exploits and daemons runs on
> shadows. About
> > > trojans on
> > > >> Linux... dont know. All software is downloaded
of
> repos or
> > > .tar directly...
> > > >> Maybe passes such as Debian with OpenSSL (never
> be sure.)
> > > >>
> > > >> Is true that 100% is not exist on security. If
> you have
> > > paranoia, try
> > > >> OpenBSD, but remember, never be sure with
something
> > built by
> > > human as have
> > > >> said this.
> > > >>
> > > >> On Sep 2, 2012 3:05 AM, "Danishka
Navin"
> > <danishka(a)gmail.com <mailto:danishka@gmail.com>
> <mailto:danishka@gmail.com <mailto:danishka@gmail.com>>
> > > <mailto:danishka@gmail.com
> <mailto:danishka@gmail.com> <mailto:danishka@gmail.com
> <mailto:danishka@gmail.com>>>>
> > wrote:
> > > >>>
> > > >>> Is this true? (for Linux)
> > > >>>
> > > >>>
> > >
> >
>
http://news.efytimes.com/e1/89929/New-Trojan-Threatens-Mac-OS-X-Linux-Mac...
> > > >>>
> > > >>> Btw, I could not find any source other than
this.
> > > >>>
> > > >>> Thanks,
> > > >>> --
> > > >>> Danishka Navin
> > > >>>
http://danishkanavin.blogspot.com
> > > >>>
http://twitter.com/danishkanavin
> > > >>>
http://www.flickr.com/photos/danishkanavin/
> > > >>>
> > > >>>
> > > >>>
> > >
> > >
> > > --
> > >
> > > -Jon
> > > --
> > > ambassadors mailing list
> > > ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> > <mailto:ambassadors@lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>>
> > > <mailto:ambassadors@lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> > <mailto:ambassadors@lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>>>
> > >
>
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> > >
> > >
> > >
> > > --
> > > ambassadors mailing list
> > > ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> > <mailto:ambassadors@lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>>
> > > <mailto:ambassadors@lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> > <mailto:ambassadors@lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>>>
> > >
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> > >
> > >
> > >
> > > --
> > > ambassadors mailing list
> > > ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> > <mailto:ambassadors@lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>>
> > >
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> > These issues are now fixed. packages have just been pushed
out, so
> > please can be now close this thread. It is not in the right
place
> > any way.
> >
> > Thank you.
> >
> > Regards,
> > Tristan
> >
> > --
> > Tristan Santore BSc MBCS
> > TS4523-RIPE
> > Network and Infrastructure Operations
> > InterNexusConnect
> > Mobile +44-78-55069812 <tel:%2B44-78-55069812>
> <tel:%2B44-78-55069812>
> > Tristan.Santore(a)internexusconnect.net
> <mailto:Tristan.Santore@internexusconnect.net>
> > <mailto:Tristan.Santore@internexusconnect.net
> <mailto:Tristan.Santore@internexusconnect.net>>
> >
> > Former Thawte Notary
> > (Please note: Thawte has closed its WoT programme down,
> > and I am therefore no longer able to accredit trust)
> >
> > For Fedora related issues, please email me at:
> > TSantore(a)fedoraproject.org <mailto:TSantore@fedoraproject.org>
> <mailto:TSantore@fedoraproject.org <mailto:
TSantore(a)fedoraproject.org>>
> > --
> > ambassadors mailing list
> > ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> > <mailto:ambassadors@lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>>
> >
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> >
> >
> >
> >
> > --
> > ambassadors mailing list
> > ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> >
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> This does not really belong on the ambassadors list! The only reason
why
> I even responded to any of this in the beginning, was to stop any
kind
> of disinformation about Fedora being insecure, from spreading out.
>
> People tend to believe any kind of little snippet of disinformation.
>
> Regards,
>
> Tristan
>
> --
> Tristan Santore BSc MBCS
> TS4523-RIPE
> Network and Infrastructure Operations
> InterNexusConnect
> Mobile +44-78-55069812 <tel:%2B44-78-55069812>
> Tristan.Santore(a)internexusconnect.net
> <mailto:Tristan.Santore@internexusconnect.net>
>
> Former Thawte Notary
> (Please note: Thawte has closed its WoT programme down,
> and I am therefore no longer able to accredit trust)
>
> For Fedora related issues, please email me at:
> TSantore(a)fedoraproject.org <mailto:TSantore@fedoraproject.org>
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
>
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
>
>
>
>
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
>
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
Irrelevant. Not what I ever suggested any way. But this is still the
ambassadors list, not the security list. And even on the security list,
this was a known issue for a week. So, even then it would have been
irrelevant by then.
So, maybe we can let this list come back to on topic posts now.
Thank you.
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore(a)internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore(a)fedoraproject.org
--
ambassadors mailing list
ambassadors(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/ambassadors