F15 - status of /run/user, /dev/shm, and potential for a DoS attack

Ashwin Mansinghka linux.pundit at gmail.com
Thu May 19 17:17:14 UTC 2011 

On 05/19/2011 01:25 AM, Adam Williamson wrote:
> On Wed, 2011-05-18 at 19:35 +0000, JB wrote:
>
>> The end users of F15 are at risk.
>> They should be fully advised what's the danger with this product.
>> After all, it is an open-source project.
>>
>> The issue is serious, because it raises not only technical questions, but also
>> internal (Security, QA, etc teams) and policy ones.
>
> Your post is long on platitudes and short on specifics. It's not very
> convincing, frankly. It's all very well to soapbox about the importance
> on security, but you need a solid justification as to why you believe
> local DoS exploits should be treated as a major issue.
>
> Please also consider the target audience and intended use cases of
> Fedora in doing so. Fedora is not a distribution we generally expect to
> be put into use in contexts where a DoS is a really significant problem;
> we don't expect anyone to be running it on critical servers. This is one
> we reason we tend to consider code execution issues to be far more
> serious. It's also likely that it is not commonly used in a true
> multi-user configuration with non-trusted users. Remember that Fedora is
> not RHEL.

@Adam, I have seen from day one that you twist facts to suit yourself only.
Your stand now on this security issue and also on choice of which 
Desktop can block  the release are nothing but ridiculous with only one 
objective i.e to set goals with which you are comfortable and not 
necessarily what the community wants. Your performance may matter for 
Redhat. But you have failed towards the users.

Your apathy towards and ridicule of others views gives me a feeling that 
it is time to move to a different place. Soon Fedora will rot.

And, I do not care if you or the list admin delist me for this post. Nor 
do I care for your ridicule filled reply, so just do not bother, and 
keep changing your yardsticks to suit yourself. and enjoy. Like some one 
said - party is over......Fedora is no more a community choice.

with Regards,
ASHWIN

More information about the test mailing list