| === sarnold_ is now known as sarnold | ||
| === chris14_ is now known as chris14 | ||
| sarnold | Juest: publishing your keys should be pretty safe, at least if you want the email address on the keys to be published.. | 02:49 |
|---|---|---|
| sarnold | Juest: consuming keys from the keyservers is riskier, but still moderately safe | 02:50 |
| teward | mdeslaur: just gonna ask but since when has Microsoft ever done anything to the standards expected for software specs and stuff (re: unzip bug) | 13:42 |
| mdeslaur | teward: hehe, well, you'd think they would do interoperability tests...but I guess not :) | 13:43 |
| teward | mdeslaur: I mean Microsoft **intentionally** ignores/violates email RFC for handling responding to messages, prioritizing the 'Thread-Topic' header - a microsoft-ism - over 'Subject' when hitting "Reply" in any Microsoft mail client | 13:44 |
| teward | and breaks things like lists, etc. | 13:45 |
| === sdeziel_ is now known as sdeziel | ||
| mdeslaur | teward: it took me _way_ too long to figure out why I couldn't extract a downloaded pictures zip file | 13:45 |
| teward | Microsoft has *zero* care for standards and they've proved it time and time again | 13:45 |
| teward | mdeslaur: welcome to Microsoft, population "Use our [CENSORED] and nothing else" | 13:45 |
| mdeslaur | teward: breathe in, breathe out | 13:45 |
| teward | mdeslaur: oh i haven't even BEGUN my daily microsoft hatred tirade! *ground shakes and shatters and dark smoke and fire just erupt from the hellhole that opened* | 13:46 |
| teward | :P | 13:46 |
| teward | mdeslaur: but no Microsoft has never cared for interop with anything. Except basic WSL stuff | 13:46 |
| teward | and... well, that's about it. Only thing they did positive was SQL Server for Linux when you *need* MS SQL Server and PSQL isn't a good alternative | 13:47 |
| teward | ye i'm biased :P | 13:47 |
| mdeslaur | hehehe | 13:58 |
| teward | mdeslaur: security related question, how much of a 'security' bug is it when the default permissions set by the installer | 14:19 |
| teward | for a netplan yml on install trigger immediate warnings from Netplan when applying? | 14:19 |
| teward | blah stupid keyboard | 14:19 |
| mdeslaur | teward: you mean the permissions are too open? | 14:19 |
| teward | encountered last night on a brand new 22.04 image with up to date netplan, the 50-cloud-config.yml file was created with 644 root:root perms and Netplan started whining about 'too open' and wouldn't stop yelling unless it was 600 | 14:20 |
| teward | ye | 14:20 |
| teward | trying to reproduce in a 22.04 VM because LXD containers sometimes are not the most reliable test | 14:20 |
| mdeslaur | well, file a bug, but since it's the installer, there's no real point in it going to -security | 14:20 |
| teward | right that'd be against subiquity or whatever it is in use right now | 14:21 |
| teward | was wondering if it qualified as a security bug or not though | 14:21 |
| teward | just before i go down the rabbit hole :P | 14:21 |
| mdeslaur | sure, it's complaining for a reason, mark it security | 14:24 |
| === chris14_ is now known as chris14 | ||
| teward | mdeslaur: for awareness, https://bugs.launchpad.net/subiquity/+bug/2052524 was filed for that issue i observed. The backport of netplan.io to jammy-updates introduced the new warnings unlike previous, and Foundations has this on their todo list to address for the installer now I believe | 21:36 |
| -ubottu:#ubuntu-security- Launchpad bug 2052524 in subiquity "INSECURE permissions for Ubuntu Netplan YAML on installer execution" [High, Triaged] | 21:36 | |
| mdeslaur | cool, thanks teward | 21:36 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!