Oh, one other thing: "Format string vulnerability in groff. A format string problem exists in groff; apparently it could be remotely exploited when it is configured to be used with the lpd printing system. (First LWN report: August 16, 2001). The stable release of Debian is not vulnerable. New updates: Red Hat (January 14, 2002) Previous updates: Conectiva (October 2, 2001) Debian (August 10, 2001) Progeny (August 16, 2001)" I don't know what this works out using LWN's New Math, but by my subjective reckoning the spam from August 10th, 2001, to January 14th, 2002, is about 5 months. This is for a package that is on every GNU/Linux system where one can read manual pages. You can argue all you want about relative impact of the glibc globbing vulnerability and this groff format string vulnerability -- and if you want to, I understand there's some interesting information about the real-world vulnerability of glibc. But on an apples-to-apples basis, I would think Red Hat deserves a little equal time in the getting-shit-on-by-LWN's-editorial-staff department. I'm sure you disagree. :) Since when did the sort of slashdot-editoresque armchair commentary become the norm in LWN? It seems to have started creeping into the daily updates over the past couple of weeks, and is now appearing in the weekly edition. LWN used to be very objective and vendor-neutral when it came to Linux distributions. Is that a thing of the past? Failing to catch an error like "December 14th + 2 months = before press time" seems like the sort of thing that happens when you're hyped up into a hysterical frenzy. Too bad you expire the old daily updates. Your initial article on the glibc security update was even less charitable than the one in this week's issue. -- G. Branden Robinson | Exercise your freedom of religion. Debian GNU/Linux | Set fire to a church of your branden@deadbeast.net | choice. http://www.deadbeast.net/~branden/ |
Attachment:
pgpV3WGQ7n0H1.pgp
Description: PGP signature