From 45d789eeb690832a78dc71b35b960148ec7ccda7 Mon Sep 17 00:00:00 2001
From: inference Updated: 2022-11-14 (UTC+00:00) Anyone who cares about security may want to switch from systemd as soon as possible; its lead
developer doesn't care about your security at all. - Lennart Poettering, systemd lead developer My thoughts: Source:Table of Contents
+ Table of Contents
Issue #0 - Against CVE Assignment
+ Issue #0 - Against CVE Assignment
"You don't assign CVEs to every single random bugfix we do, do you?"
Yes, if they're security-related.
- systemd GitHub Issue 5998
"Humpf, I am not convinced this is the right way to announce this. We never did that, and half the CVEs aren't useful anyway, hence I am not sure we should start with that now, because it is either inherently incomplete or blesses the nonsensical part of the CVE circus which we really shouldn't @@ -66,18 +66,18 @@ it *is* the correct way to announce it. It seems as if over 95 security-concious people think the same.Source:
+ systemd GitHub Issue 6225
- systemd GitHub Issue 6225
"I am not sure I buy enough into the security circus to do that though for any minor issue..."
- Lennart Poettering, systemd lead developer
Source:
- systemd GitHub Issue 5144
"Yes, as you found out "0day" is not a valid username. I wonder which tool permitted you to create it in the first place. Note that not permitting numeric first characters is done on purpose: to avoid ambiguities between numeric UID and textual user names. @@ -93,7 +93,7 @@ systemd was the thing that allowed root access just because a username started with a number, then Poettering blamed the user.Source:
+ systemd GitHub Issue 6237
- systemd GitHub Issue 6237