[Sugar-devel] [Announcing] UNSTABLE 0.107.1 release (feature freeze)

Jonas Smedegaard dr at jones.dk
Tue Jan 5 10:19:40 EST 2016


Quoting Samuel Greenfeld (2016-01-05 17:34:18)
> In general, many widely used Sugar distributions are based on 
> Operating Systems that are at least a few years old and full of 
> security holes.
>
> Bringing them up to date for computers like XOs that need updated 
> hardware drivers would require a fair amount of effort.  (Hence the 
> move by some groups to standardized hardware and Ubuntu for long-term 
> support.)
>
> The primary mitigating factors {if you could count them as such} are 
> that (1) many Sugar users are offline or barely online, and (2) the 
> obscurity of someone trying to hack telepathy versus using a wider 
> exploit against something like libjpeg or OpenSSL.
>
> But I wouldn't rely on obscurity as your sole protection.

The security flaws I suspect exist in legacy Gabble are indeed OpenSSL 
flaws.

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private