[HLUG] Herefordshire Digest, Vol 1758, Issue 1

[Julian Robbins]

Yes well said

I've been patching my servers too

Also as you alluded to Ubuntu as it uses Dash instead of bash (like debian)
doesn't have this issue either and Mint I would guess

But please keep patching

What worries me are the embedded boxes like Synology and devices but as
Kevin says these may not be affected

Julian
On 26 Sep 2014 13:59, "Kevin Dontenville" <kevin at opensure.net> wrote:

What is sad is that many people will equate these issues with open source
development. I think this is just what happens when programming using small
or narrow groups of people that by definition have limited skills.

What scares me more is when I imagine what is hiding in the software in the
proprietary world that is unfixable and unviewable. It may be hidden from
general review but not criminal reverse engineering and input/response
analysis such as the wealthy and powerful criminal organizations and NSA
etc will use. Flash is a great example! What it does is hide or at least
obscure the opportunity to fix it or have a chance of review.

The reason these recent bugs are coming out is the increase in focus on
security that is possible with FOSS and OSS generally because of the
dependence on safe computing in a dangerous world.

BTW we are on top of the updates for the HLUG site the first were applied a
few days ago. Worth noting Debs dash doesnt have the vulnerability nor it
seems BSD so once again FOSS has a more than one solution. The embedded
systems are another matter, but most of those use the unaffected busybox or
similar.

So although serious it is not insurmountable and should serve as a reminder
that FOSS is better because of shared effort and attention not 'just
because it is'. We should all be doing our bit, whether contributing bug
reports or helping where we can, however we can.

Kevin
--
Herefordshire LUG mailing list
Web:  http://www.herefordshire.lug.org.uk
List: https://mailman.lug.org.uk/mailman/listinfo/herefordshire