<![CDATA[It is nice to see getting Linux more secure every day because it is developed in the open.]]>It is nice to see getting Linux more secure every day because it is developed in the open. Just to remind any (AI) security researchers that the real reason for that was collaboration and helping each other. What happens now with Mythos & Co reminds me more of a person getting raped and then victem-blamed because they where wearing a mini-skirt.

In the case of copyfail the researchers do not even give a f@%k about community and have verified only paid distributions.

Link Preview Image
]]>https://board.circlewithadot.net/topic/dec78193-1e12-45e9-aceb-c2be2861489d/it-is-nice-to-see-getting-linux-more-secure-every-day-because-it-is-developed-in-the-open.RSS for NodeThu, 30 Apr 2026 15:30:23 GMTThu, 30 Apr 2026 04:15:58 GMT60<![CDATA[Reply to It is nice to see getting Linux more secure every day because it is developed in the open. on Thu, 30 Apr 2026 07:28:01 GMT]]>@Lioh OK, so what’s your preferred vulnerability disclosure policy?

Just linking the document is fine.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/marshray/statuses/116492473583303637https://board.circlewithadot.net/post/https://infosec.exchange/users/marshray/statuses/116492473583303637Thu, 30 Apr 2026 07:28:01 GMT<![CDATA[Reply to It is nice to see getting Linux more secure every day because it is developed in the open. on Thu, 30 Apr 2026 06:45:04 GMT]]>@Lioh@social.anoxinon.de Danke für die Einordnung, hatte gestern Abend leider nicht mehr genug Zeit mir das genauer anzuschauen ​

]]>https://board.circlewithadot.net/post/https://sk.zehnvorne.social/notes/alooocehkblw01x5https://board.circlewithadot.net/post/https://sk.zehnvorne.social/notes/alooocehkblw01x5Thu, 30 Apr 2026 06:45:04 GMT<![CDATA[Reply to It is nice to see getting Linux more secure every day because it is developed in the open. on Thu, 30 Apr 2026 06:21:26 GMT]]>@marshray really depends HOW one does it.

]]>https://board.circlewithadot.net/post/https://social.anoxinon.de/users/Lioh/statuses/116492211747432176https://board.circlewithadot.net/post/https://social.anoxinon.de/users/Lioh/statuses/116492211747432176Thu, 30 Apr 2026 06:21:26 GMT<![CDATA[Reply to It is nice to see getting Linux more secure every day because it is developed in the open. on Thu, 30 Apr 2026 06:04:58 GMT]]>@Lioh Reporting security vulnerabilities is a worse-than-thankless job.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/marshray/statuses/116492147021062667https://board.circlewithadot.net/post/https://infosec.exchange/users/marshray/statuses/116492147021062667Thu, 30 Apr 2026 06:04:58 GMT<![CDATA[Reply to It is nice to see getting Linux more secure every day because it is developed in the open. on Thu, 30 Apr 2026 05:26:36 GMT]]>@marshray you can paint ot how you want. I just think it's not nice at all.

]]>https://board.circlewithadot.net/post/https://social.anoxinon.de/users/Lioh/statuses/116491996162633201https://board.circlewithadot.net/post/https://social.anoxinon.de/users/Lioh/statuses/116491996162633201Thu, 30 Apr 2026 05:26:36 GMT<![CDATA[Reply to It is nice to see getting Linux more secure every day because it is developed in the open. on Thu, 30 Apr 2026 05:24:51 GMT]]>@Lioh They reported the bug to the Linux kernel security team over a month ago. A CVE was issued. I don’t know where the ball was dropped but, AFAICT, not a single distro took it seriously enough to release a patch.

It’s not the bug reporter’s job to run a testing service for everyone (mostly large for-profit companies) downstream of the Linux kernel.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/marshray/statuses/116491989254835710https://board.circlewithadot.net/post/https://infosec.exchange/users/marshray/statuses/116491989254835710Thu, 30 Apr 2026 05:24:51 GMT<![CDATA[Reply to It is nice to see getting Linux more secure every day because it is developed in the open. on Thu, 30 Apr 2026 05:13:08 GMT]]>It sadly sucks on so many levels. It is one of the worst releases I have seen so far. Even the informieren on how to mitigate the issue is unclear. Probably AI generated as well. What now? 'Patch now' or 'Before you can patch'? And no, I will not run your exploit code on my machine.

Link Preview Image
]]>https://board.circlewithadot.net/post/https://social.anoxinon.de/users/Lioh/statuses/116491943164468570https://board.circlewithadot.net/post/https://social.anoxinon.de/users/Lioh/statuses/116491943164468570Thu, 30 Apr 2026 05:13:08 GMT