Rawhide - Calibre

Kevin Fenzi kevin at scrye.com
Sun Jul 21 16:21:54 UTC 2013


On Sun, 21 Jul 2013 17:46:45 +0200
Lars Seipel <lars.seipel at gmail.com> wrote:

> On Sun, Jul 21, 2013 at 09:03:05AM -0400, Scott Robbins wrote:
> > Are you using the rpm or the download from Calibre's site?  Note
> > that they do recommend one does not use a distro's version.
> 
> Did they fix the serious security problems in the upstream-provided
> packages? They used to install some exploitable helper program suid
> root. The Fedora package (and most other distros') stripped that
> binary and made Calibre use a more secure mechanism.

Fedora never shipped this helper. 

We didn't need it, and it was suid and crazy. 

> The original bug[1] seems to have the status "Fix Released" but after
> reading the discussion on the bug I'd really avoid installing their
> packages.
> 
> If the Fedora package doesn't work for you let's make it work.
> 
> [1] https://bugs.launchpad.net/calibre/+bug/885027
> or LWN coverage at https://lwn.net/Articles/465311/

Yes, all old history. It was also fixed upstream after his outcry.

kevin