FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux General Discussion

 
 
LinkBack Thread Tools
 
Old 06-13-2010, 12:08 AM
Ionuț Bîru
 
Default unrealircd 3.2.8.1-2 contains backdoor

On 06/13/2010 03:06 AM, Alexander Duscheleit wrote:

On Sun, 13 Jun 2010 01:19:02 +0200
Thomas Bächler<thomas@archlinux.org> wrote:


Am 13.06.2010 00:57, schrieb Alexander Duscheleit:


I've already filed a bug as FS#19780 to the community project, but
given the severity I thought it would be wise to alert a wider
audience.


Maybe you should post to the right list then.


Isn't that what I did? From the Arch Linux related lists, this one
seemed the most appropriate I have post access to. Aur-general doesn't
apply, dev-public is read-only, all others don't fit the topic and
there is no -security. So which Arch list would have been better?


aur-general is the mailing list for community repo in which trusted
users lurk


--
Ionuț
 
Old 06-13-2010, 12:10 AM
Thomas Bchler
 
Default unrealircd 3.2.8.1-2 contains backdoor

Am 13.06.2010 02:06, schrieb Alexander Duscheleit:
> On Sun, 13 Jun 2010 01:19:02 +0200
> Thomas Bchler <thomas@archlinux.org> wrote:
>
>> Am 13.06.2010 00:57, schrieb Alexander Duscheleit:
>>>
>>> I've already filed a bug as FS#19780 to the community project, but
>>> given the severity I thought it would be wise to alert a wider
>>> audience.
>>
>> Maybe you should post to the right list then.
>>
> Isn't that what I did? From the Arch Linux related lists, this one
> seemed the most appropriate I have post access to. Aur-general doesn't
> apply, dev-public is read-only, all others don't fit the topic and
> there is no -security. So which Arch list would have been better?

aur-general is where all issues concerning community packages can be
discussed with the TUs, and it is the only list where every single TU is
subscribed.

If you didn't notice, I already cross-posted my last reply to
aur-general with a full-quote.
 
Old 06-13-2010, 12:33 AM
Alexander Duscheleit
 
Default unrealircd 3.2.8.1-2 contains backdoor

On Sun, 13 Jun 2010 02:10:56 +0200
Thomas Bchler <thomas@archlinux.org> wrote:

> Am 13.06.2010 02:06, schrieb Alexander Duscheleit:
> > On Sun, 13 Jun 2010 01:19:02 +0200
> > Thomas Bchler <thomas@archlinux.org> wrote:
> >
> >> Am 13.06.2010 00:57, schrieb Alexander Duscheleit:
> >>>
> >>> I've already filed a bug as FS#19780 to the community project, but
> >>> given the severity I thought it would be wise to alert a wider
> >>> audience.
> >>
> >> Maybe you should post to the right list then.
> >>
> > Isn't that what I did? From the Arch Linux related lists, this one
> > seemed the most appropriate I have post access to. Aur-general
> > doesn't apply, dev-public is read-only, all others don't fit the
> > topic and there is no -security. So which Arch list would have been
> > better?
>
> aur-general is where all issues concerning community packages can be
> discussed with the TUs, and it is the only list where every single TU
> is subscribed.

OK, I really didn't know that. I thought that since the repo moved to
the "proper" arch servers, the relation between community and AUR
wouldn't apply anymore the way it did before. I'll remeber that for the
future. (I saw the crosspost right after I sent my 1st reply.)

OTOH the original mail was meant more to alert *users* of unrealircd,
the maintainer should actually already have been noticed via the bug.

On a side-note, Sergej already has published a new pkgrel this afternoon
(2010-06-12 16:40:54 UTC). So the bug is/was already obsolete before I
wrote it. (I should remember to check the website before trusting
supposedly up to date mirrors I guess.) What do we actually need a
-security list for, when maintainers fix vulnerabilities before the are
filed? ;-)
 
Old 06-13-2010, 07:58 AM
Thomas Bchler
 
Default unrealircd 3.2.8.1-2 contains backdoor

Am 13.06.2010 02:33, schrieb Alexander Duscheleit:
> OTOH the original mail was meant more to alert *users* of unrealircd,
> the maintainer should actually already have been noticed via the bug.

In that case, it seems you chose your list wisely.

> On a side-note, Sergej already has published a new pkgrel this afternoon
> (2010-06-12 16:40:54 UTC). So the bug is/was already obsolete before I
> wrote it.

Good, didn't notice that. I was quite shocked when I read about the issue.
 

Thread Tools




All times are GMT. The time now is 01:25 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org