Gnome implemented sandboxing for thumbnail parsers, but @ubuntu patches that out, because why not? https://bugs.launchpad.net/ubuntu/+source/bubblewrap/+bug/1709164
It's easy to criticise but the reality is that to ship a high quality distro all packages promoted to main have to go through a thorough review process which takes time. So whilst it's not in main we can't have other pkgs in main depend on it. 1/2
1 reply 0 retweets 9 likes -
Replying to @alex_murray @hanno and
It will likely get there soon, but the security team has limited resources and with 2018 being the year of a whole new class of vulns with seemingly no end in sight (aka spectre etc) everyone just has to be patient. 2/x
2 replies 0 retweets 8 likes -
Replying to @alex_murray @hanno and
I get it, but if you were saying "we didn't have resources to sandbox it", I would understand, but upstream wrote it and you're saying "we found resources to patch it out instead" - it's harder to grasp, no?
3 replies 1 retweet 38 likes
Upstream requires a dependency for sandboxing which is not currently packaged in Ubuntu main. The "patch" is a one-liner that disables a build flag. I think this bug has been open way too long, but hopefully this explains why it's a problem of limited resources.