Lessons From the apt Remote Code Execution Vulnerability

Well, it’s happened before, so it was bound to happen again: a remote code execution bug was found in APT. And it’s particularly interesting in the context of an age-old debate that has been dragging on in Debian-related circles about the use of HTTPS – a question that has been asked often enough that the answer has its own website now.

How bad was it? What is there to learn from this? And what does it tell us about the importance of HTTPS in package management security?


What the Linux CoC tells us about FOSS in 2018

It turns out that the rumours about impending doom are false. I have left my bunker today and it appears that the sky has not yet fallen, and that the world as we know it still exists. And yet, the unthinkable has happened: Linus Torvalds apologized for his behaviour, and has even decided to take time off in order to improve it. And a controversial (?) Code of Conduct has been adopted.

I do not want to defend or attack this decision in this post (although, for the record, I would certainly defend it). What I want to talk about is how the FOSS world has changed in the last fifteen years or so, and why I think this happened.


No tracking, this is the privacy policy. Unless otherwise stated, everything is copyright © Alexandru Lazăr