SoylentNews is people
SoylentNews
Arthur T Knackerbracket has found the following story:
The developers of FreeBSD have announced they'll change the way they go about their business, after users queried why known vulnerabilities weren't being communicated to users.
This story starts with an anonymous GitHub post detailing some vulnerabilities in the OS, specifically in freebsd-update, libarchive, bspatch and portsnap. Some of the problems in that post were verified and the FreeBSD devs started working on repairs.
But over on the FreeBSD security list, threads like this started asking why users weren't being told much about the bugs or remediation efforts. That's a fair question because updating FreeBSD could in some circumstances actually expose users to the problem.
Now the FreeBSD team has answered those questions by saying “As a general rule, the FreeBSD Security Officer does not announce vulnerabilities for which there is no released patch.”
The operating system's developers and security team are now “reviewing this policy for cases where a proof-of-concept or working exploit is already public.”
That post also explains that the team is considering more detailed security advisories. There's also an admission that the proposed patch may have broken other things in the OS.
The post concludes by saying that the FreeBSB core and security teams are working with all due haste to fix things and will let those subscribed to its mailing lists know when patches are ready and the danger is past.
[The majority of SoylentNews.org's servers run Ubuntu 14.04 LTS (Long Term Stable version). Upgrading to version 16.04 LTS would expose our systems to systemd and there has been some discussion among staff about our options. One option under consideration would be FreeBSD. Are there any Soylentils who run FreeBSD? What has your experience been? Any surprises to share with the community? --martyb]
(Score: 2) by bradley13 on Friday August 12 2016, @11:54AM
I get the systemd hate, I really do. However, I'm happy with Ubuntu, so I grit my teeth and upgraded to 16.04. Adapting to a different distro? Sure, it would have been possible, but in the end I just want to get work done. Guess what, Ubuntu 16.04 works just fine.
Everyone is somebody else's weirdo.
(Score: 2, Informative) by Anonymous Coward on Friday August 12 2016, @12:31PM
Hate? I moved way past hate after a 3am call. Fuck systemd.
(Score: 0) by Anonymous Coward on Friday August 12 2016, @01:08PM
that sounds a little ridiculous. i'm not the most senior lsa but i can't think of a single issue i've had with systemd except having to learn new things. I'm not saying that some of the criticisms about scope creep, not unixy, etc aren't justifiable but as far as reliability, i've had no problems and i've been using it for a while.
(Score: 4, Insightful) by tangomargarine on Friday August 12 2016, @03:00PM
You're claiming that one other user's anecdata is "ridiculous" and using your own one user's (yourself) anecdata as evidence? Dude: listen to yourself.
"That's crazy; systemd doesn't have any problems because I personally haven't run into any."
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 4, Informative) by http on Friday August 12 2016, @09:28PM
Nobody seriously "hates" systemd, but there's every kind of flaw in philosophy and implementation that makes it desireable to avoid. Kind of like a wild bear. You don't hate it, you stay hte fuck away and do your best to alert anyone nearby.
I browse at -1 when I have mod points. It's unsettling.