Tue, Oct 17
Mon, Oct 16
This issue is now addressed in:
Sat, Oct 14
Fri, Oct 13
already fixed in this version
Thu, Oct 12
Wed, Oct 11
Note: Changes in the ABI symbols aren't caused by the patches
Or just turn off bluetooth by clicking the icon in the tray - which is something you can already do. We're not a security distro like Kali, and we're not a privacy distro like Tails. We're Solus. Let's keep our eyes on the prize, please.
I was actually just about to write about USB. There are users who prefer auto-mounting, others prefer to do this manually, and again others prefer to the option to block all USB ports. Here's a thought: What about introducing a Budgie security/privacy widget with different modes to switch between? Such modes could range from a total lockdown of the computer to an essentially open system and the user could choose under which mode to run the system.
Your rationale makes no sense - in this case we should also block USB because of the potential. Gimping the out of the box experience so stuff doesn't work because
"that one time it had a CVE" - and making the system worse for the user pretty much goes against everything that makes Solus what it is.
I still think bluetooth should be deactivated by default. You also don't let water run because you eventually take a shower at the end of the day. It's usually turned on when needed and should stay off when it isn't. Obviously display server and kernel are components which you cannot turn off if you want to use your system. Thanks for pointing to SSP and ASLR, wish this were documented somewhere in the help center under security though.
In that case lets disable the display server too - because we've had loads of CVEs there. Or the kernel - had tons of CVEs there :P
Mon, Oct 9
Indeed, I ran it against 2.3.0.
So actually it's ready to land then ?
There were a number of CVE's for 2.2.0 (your flaw is running cvecheck on the 2.3.0 package.yml, where there aren't any CVE's against 2.3.0).
You are doing that against 2.2.0, right?
I don't know if I missed something, but the cve report is empty...
there are certainly some CVE fixes but they didn't mention anything in their changelog
Fri, Oct 6
LGTM - nixed the long test plan (good to have them, doesn't always need to be in the index)
Wed, Oct 4
Tue, Oct 3
Thu, Sep 28
Wed, Sep 27
bump to 2.8.3