The only guaranteed fix is in the kernel. You’ll want to check your distro for the CVE. The disclosers very happily bring up all the distros affected but do not seem to have reached out to any of them to also patch. The CVE itself is still waiting for NVD analysis beyond its base score.

I’m not actively saying they did anything wrong but I am saying they’re blowing smoke about responsible disclosure.

I think you’re displaying a very big gap between understanding risk assessment and understanding task completion. So far I have not seen anyone say they would not complete the task. I have seen people complete risk assessment. Risk assessment does not mean I will not do something, it just reflects the urgency with which I will do it. Most self-hosted users can safely apply basic risk assessment to see, while the impact may be high, the likelihood is low. Obviously the likelihood increases the more hands off you are with, say, unattended container updates for things that can escape containers or access the underlying system. Should most self-hosted users literally drop everything, rush home, and apply the patch? No, basic risk assessment does not merit that. Should everyone apply the patch? Yes.

Your comment said Forgejo has a disclosure process. The article says the author went with a carrot disclosure after reading the disclosure process and making a value judgement. Because your comment only mentioned Forgejo having a disclosure process, not an evaluation of the author’s evaluation of the disclosure process, it made you appear as if you had not read the article.

In your response to me calling that out, you offer an analysis. The author is lazy for using carrot disclosure over the defined disclosure process. That’s a valid take. I’m not going to disagree with that.

I don’t think you read the article.

The author knew it was a bad idea

https://xkcd.com/927/

This is a joke, right? OneFlow isn’t trunk-based development and is actually gitflow with different steps. I have yet to see any org actually use trunk-based development mostly because I’ve not seen cherry-picking from the trunk adopted at any large scale.

For those that don’t know, he ultimately backed EME which was dumb.

I don’t think you understand what the tool is

Please don’t take me as a GH shill because I’m not. I’m not sure we read the same email given your projects. Actions on GH runners are dropping in cost and there’s a new fractional cost for self-hosted. For the average user, especially those on GH runners, costs are going down. Looking at your repo, you haven’t run anything since July. Your workflow files use GH runners. Nothing in your history suggests you’re leaving the free tier so I don’t get this FUD at all. General Microsoft hate? Fuck yeah. Shitty GH service? Fuck yeah. Plenty of reasons to dunk but this was not one of them. M

I’m incredibly skeptical of the self-hosting email server claims. With the past 30 years of spam, most of the majors make it nigh impossible to do so. I know there are diehards out there that make it happen; it’s not as easy as it was 20 years ago though.

Edit: Very useful HN thread with multiple perspectives (not just my doom and gloom)

The big given example was gigabit throughput. Most consumers in the US, businesses included, don’t have access to internet infrastructure capable of multigig because of regulatory capture. Those that do are already using multigig hardware which, unsurprisingly, hasn’t really changed much.

The current administration believes the same stuff. She left with the admin change yet agrees with things like the current admin’s approach to AI regulation.

My initial take on the sticker was the whole “fire exit git commit git push;” I do see this other perspective now

We’re just quitting without writing? Living very dangerously aren’t we?

It’s still just another type of ID so you can do lookups on it. Nothing would change. UUIDs are used all the time.

Note that the linked article answers your FOSS question.

I assume this is Poe’s Law in action. Elon historically doesn’t understand shit about tech so the commenter is just highlighting something that’s been GA for other tools for years.

This isn’t recent. This has been an ongoing thing for at least 20 years (if not longer; that’s just the earliest I remember having this convo). Yes, it cleans the wound by killing things but it also fucks up the healthy tissue around the wound (see other comments for a more scientific explanation). Having some in a medical kit is useful for other activities such as diluting with water for an ear rinse, diluting with water for various mouth stuff (rinse not swallow), and some skin treatments (again, diluting first).

Strange; the page is shilling for a product that doesn’t use raw HTML for its site.