Just before the deadline for the :debian: release, the missing pieces fell into place and I came up with this beautiful new design that would not only fix my first Hurd vulnerability in a cleaner way, it would also make... some other things... better.

That's the good news, the bad news is that the new design is very different from what I've been doing this far, so I'll need to rewrite everything once again. And I have very little time.

· · Web · 3 · 1 · 2

$ git switch -c beautiful-new-design origin/master

Update: things are complicated, but we're getting there

@bugaevc I don't see the connection between the #Debian release and the #Hurd . Are there plans for a Hurd release soon?

@mpjgregoire Debian GNU/Hurd is one of the Debian ports, and the primary way people use the Hurd. We're trying to squeeze fixes into the upcoming Debian release, initially as downstream patches.

After that, we'll be able to release the details and talk about these vulnerabilities and what we've done to fix them publicly. Eventually the fixes are going to make it into some upstream Hurd release too.

If you're using non-Debian Hurd and don't want the details released until you are safe, speak up on bug-hurd

@bugaevc Oh, I haven't actually used the Hurd for years, certainly no need to worry about my security. I would *like* to run the Hurd on one of my computers, but not just at the moment.

Good luck with development.

@kai well yeah, I ended up altering almost every component of it. Although the new version of the patchset is way less invasive.

@bugaevc wow! good luck! I am usually hanging out with the minix crowd on irc 😋

@kai@pl.ajin.laand cool! — and I know next to nothing about Minix 🙂

@bugaevc do you have a write-up of the changes you are working on?

@kai perhaps :) But I'm definitely not releasing any details yet. That has to wait until the fixes are rolled and people's systems are no longer vulnerable.

If you're missing some context about what this is all about, these are the previous threads:

Sign in to participate in the conversation
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!