SoylentNews is people
SoylentNews
from the information-wants-to-be-free? dept.
Adobe is showing that it can be transparent about its security practices:
Having some transparency about security problems with software is great, but Adobe's Product Security Incident Response Team (PSIRT) took that transparency a little too far today when a member of the team posted the PGP keys for PSIRT's e-mail account—both the public and the private keys. The keys have since been taken down, and a new public key has been posted in its stead.
The faux pas was spotted at 1:49pm ET by security researcher Juho Nurminen:
Oh shit Adobe pic.twitter.com/7rDL3LWVVz
— Juho Nurminen (@jupenur) September 22, 2017Nurminen was able to confirm that the key was associated with the psirt@adobe.com e-mail account.
Also at The Register and Wccftech.
[How many here have done something like this? Perhaps an extra file accidentally uploaded to GitHub? --Ed.]
(Score: 1, Insightful) by Anonymous Coward on Saturday September 23 2017, @10:26PM (3 children)
It seems nobody checks before going ahead, not even a single, less so double check. Say you run "blah > foo.txt". Some people upload foo.txt, others first do "less foo.txt" and check it really looks like it should, and even download back to confirm it works. Maybe something failed and you would send nothing, or permissions are wrong, or URL is wrong... wasting receiver's time. "Measure twice, cut once" old guys told us.
Same with code, some people commit and push, then realize it doesn't compile or that a file was not in the commit. Others run the tests first, check the diff, maybe merge/split commits, and when 99% sure, push and cross fingers. Bonus: things like git bisect keep working as intended. Also it means you care enough to not throw random crap to other coders. But it doesn't show, as most of the times it will work smoothly. Sometimes you wonder if some coders are dumb or think "more, faster commits and pushes" is so important, or just want to be noticed at all costs, even by the trail of crap left. Maybe stat tools should do a "-12 commits" (1 for original, 1 for fix, 10 as extra penalty) to punish such behaviour, as it seems to regularly happen with those "proud" of their commit count.
But some projects are beyond hope, not long ago I saw a thread with full (top) quoting (back and forth reading!), every new message just requesting some new commits to be added to a release branch, or confirming inclusion, or discussing small details. The final straw was when near the end someone posted a pastebin of commits to be used and I noticed the email was bigger than such list (of course, every signature was there, including the list one, multiple times... commit hashes are OK-ish because most users are unable to pick a good email reader to see past exchanges, but signatures? FFS!). So the result of the clean up was sent to a third party that will go down at random, and the chaotic exchange was generating more net traffic than a properly trimmed thread.
(Score: 2) by frojack on Sunday September 24 2017, @03:49AM (2 children)
Similar to your post.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Sunday September 24 2017, @04:11AM (1 child)
frojack, the one that vents at
the barSN with perfect order.(Score: 0) by Anonymous Coward on Sunday September 24 2017, @04:34AM
Another round for everyone, frojack pays. Not enough drunk grandpa rants for a Saturday.