Conversation
Notices
-
Claes Wallin (韋嘉誠) (clackemovedtoheldscalla@quitter.se)'s status on Saturday, 20-Dec-2014 11:52:40 UTC Claes Wallin (韋嘉誠) @speeddefrost If their version is more usable, is the attention undeserved? At least they properly link to the source. -
Claes Wallin (韋嘉誠) (clackemovedtoheldscalla@quitter.se)'s status on Saturday, 20-Dec-2014 11:53:59 UTC Claes Wallin (韋嘉誠) @lnxw48 Well, even through just a post on LKML, the information got out. And github made the effort, rather than limited git core resources. -
Claes Wallin (韋嘉誠) (clackemovedtoheldscalla@quitter.se)'s status on Saturday, 20-Dec-2014 11:55:09 UTC Claes Wallin (韋嘉誠) @lnxw48 The main announcement was on #LKML. The best announcement was on #GitHub. I fail to have a problem with this. -
Claes Wallin (韋嘉誠) (clackemovedtoheldscalla@quitter.se)'s status on Saturday, 20-Dec-2014 12:01:19 UTC Claes Wallin (韋嘉誠) @lnxw48 Release notes are linked from git-scm.org and I think that's about as much attention as this deserves: http://tini.link/git221rel -
Claes Wallin (韋嘉誠) (clackemovedtoheldscalla@quitter.se)'s status on Saturday, 20-Dec-2014 15:16:18 UTC Claes Wallin (韋嘉誠) @lnxw48 Most of the git repositories you will ever clone are software. You are already running their arbitrary code on your computer. -
Claes Wallin (韋嘉誠) (clackemovedtoheldscalla@quitter.se)'s status on Saturday, 20-Dec-2014 15:18:13 UTC Claes Wallin (韋嘉誠) @lnxw48 Their ability to overwrite your .git/config, possibly with some malevolent alias, is a security hole. But in context, not huge. -
Claes Wallin (韋嘉誠) (clackemovedtoheldscalla@quitter.se)'s status on Saturday, 20-Dec-2014 15:19:36 UTC Claes Wallin (韋嘉誠) @lnxw48 #LKML is the official information channel for the git project and the release notes are linked from the root of their home page. -
Claes Wallin (韋嘉誠) (clackemovedtoheldscalla@quitter.se)'s status on Saturday, 20-Dec-2014 15:20:35 UTC Claes Wallin (韋嘉誠) @lnxw48 With few exceptions, every point release ever of any software contains security fixes. Do they need a media campaign each time? -
Claes Wallin (韋嘉誠) (clackemovedtoheldscalla@quitter.se)'s status on Sunday, 21-Dec-2014 02:31:04 UTC Claes Wallin (韋嘉誠) @lnxw48 Release notes linked from git-scm.org mention the vulnerability. Doesn't get more official than that for your hypothetical manager. -
Claes Wallin (韋嘉誠) (clackemovedtoheldscalla@quitter.se)'s status on Sunday, 21-Dec-2014 02:32:03 UTC Claes Wallin (韋嘉誠) @lnxw48 Oh, it's affecting Mercury too. Any others? svn? http://git-blame.blogspot.com.es/2014/12/git-1856-195-205-214-and-221-and.html -
Claes Wallin (韋嘉誠) (clackemovedtoheldscalla@quitter.se)'s status on Sunday, 21-Dec-2014 04:30:16 UTC Claes Wallin (韋嘉誠) I did a quick test with svn and it is kind enough to report a merge conflict and not overwrite any existing local files. -
Claes Wallin (韋嘉誠) (clackemovedtoheldscalla@quitter.se)'s status on Sunday, 21-Dec-2014 09:56:06 UTC Claes Wallin (韋嘉誠) @lnxw48 Yeah, tried it on OSX on a case-insensitive fs.
-