Re: That's a shame
Unfortunately, it's "schadenfreude".
23 posts • joined 8 Jan 2020
> The worst offender is the jackson-databind-2.4.0 package...
IIRC 2.4 is pretty old (for the modern software release cadence) and is known to be an insecure pile of trouble. In fairness to Tatu and company newer versions are more secure. It seems a bit disingenuous to point at such packages and say "oh no, insecure code!".
> Anybody who notices the lack of sh can easily install it
It's not about not having /bin/sh! It's about systems which have *a* /bin/sh that *isn't* bash. All that POSIX requires is that it implements the POSIX shell as specified. Some distros use bash, some distros use dash, some use a stripped-down shell that only supports what POSIX needs.
The problem is software which assumes that you can write bash-isms and then run them with sh. If the script starts with "#!/usr/bin/env bash" or something, then the user can install bash as needed. If it starts with #!/bin/sh then it won't work on non-bash-native platforms at all.
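An added example, not part of the original post: a small POSIX sh check that flags a few well-known bash-only constructs in scripts whose shebang is #!/bin/sh. The function names, the pattern list and the sample scripts are constructed for illustration, and the pattern list is far from exhaustive.

```shell
#!/bin/sh
# Flag bash-only syntax in scripts that claim to be plain POSIX sh.
# Constructed sample of bashisms: [[ ]], here-strings, the `function`
# keyword, array assignment, array indexing, and &> redirection.
BASHISM_RE='\[\[ |<<<|^[[:space:]]*function[[:space:]]|[A-Za-z_][A-Za-z0-9_]*=\(|\$\{[A-Za-z_][A-Za-z0-9_]*\[|&>'

# Print "lineno:text" for each suspect line. Scripts whose shebang names
# another interpreter (e.g. bash) are skipped: they declared their needs.
find_bashisms() {
    first_line=$(head -n 1 "$1")
    case $first_line in
        '#!/bin/sh'|'#!/bin/sh '*) ;;   # claims POSIX sh: check it
        *) return 0 ;;
    esac
    # Drop full-line comments so prose mentioning [[ is not flagged.
    grep -n -E "$BASHISM_RE" "$1" | grep -v -E '^[0-9]+:[[:space:]]*#' || true
}

count_bashisms() {
    find_bashisms "$1" | wc -l | tr -d ' '
}

# Constructed sample scripts, written to a temporary directory.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/bashy.sh" <<'EOF'
#!/bin/sh
# uses [[ in a comment only
if [[ "$1" == "x" ]]; then
  arr=(a b c)
  echo "${arr[0]}"
fi
cat <<< "hello"
EOF

# Same body, but the shebang honestly asks for bash.
{ echo '#!/usr/bin/env bash'; tail -n +2 "$SAMPLE_DIR/bashy.sh"; } > "$SAMPLE_DIR/honest.sh"

cat > "$SAMPLE_DIR/clean.sh" <<'EOF'
#!/bin/sh
if [ "$1" = "x" ]; then
  echo ok
fi
EOF

find_bashisms "$SAMPLE_DIR/bashy.sh"
```
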
> ... US Homeland Security agents raided her house ...
Why DHS though? Surely this is a criminal matter at best (although they apparently proceeded with a civil complaint to recover the stolen property) so within the bailiwick of Department of Justice?
All I can come up with is that Turing's papers somehow contain the secret to breaking all elliptic-curve cryptography despite it not having been invented yet.
> the US Constitution precludes the government from simply taking private property and giving it to the public
-- The Shill
> ... nor shall private property be taken for public use, without just compensation.
-- The Fifth Amendment
I guess he forgot about that last bit. They do have to pay for it, though.
Biting the hand that feeds IT © 1998–2020