<ris>
realized i've forgotten about a lot of 19.03 backports
justanotheruser has joined #nixos-security
ris has quit [Ping timeout: 258 seconds]
Synthetica has quit [Quit: Connection closed for inactivity]
<samueldr>
I'm wondering what process I should follow to properly disclosed the (known) issue of the pinebook pro shipping with a distro with (1) ssh (2) accepting root login (3) with password (4) with default password root
<samueldr>
I'm sure a security analyst would have a couple veins burst following what is being done with that default distro
<samueldr>
it's being done by a third party community member, which makes this a bit touchy
<samueldr>
and highly lacks reproducibility
justanotheruser has quit [Ping timeout: 246 seconds]
justanotheruser has joined #nixos-security
justanotheruser has quit [Ping timeout: 240 seconds]
justanotheruser has joined #nixos-security
justanotheruser has quit [Ping timeout: 265 seconds]
justanotheruser has joined #nixos-security
justanotheruser has quit [Ping timeout: 265 seconds]
justanotheruser has joined #nixos-security
justanotheruser has quit [Ping timeout: 240 seconds]
FRidh has joined #nixos-security
<andi->
samueldr: security@ on their end? Does that even exist? If not file an issue towards that distro?
sphalerite has quit [Remote host closed the connection]
sphalerite has joined #nixos-security
sphalerite has quit [Client Quit]
sphalerite has joined #nixos-security
sphalerite has quit [Client Quit]
sphalerite has joined #nixos-security
haiko has joined #nixos-security
tilpner_ has joined #nixos-security
tilpner has quit [Ping timeout: 276 seconds]
tilpner_ is now known as tilpner
filemon has joined #nixos-security
<filemon>
plz someone remove this hacker my ip seems to change too - from my PC-TY
filemon has quit [Ping timeout: 268 seconds]
pie_ has quit [Ping timeout: 268 seconds]
<samueldr>
it has been disclosed to the (sole) author, and they don't care :/
pie_ has joined #nixos-security
<andi->
samueldr: oss-security?
<andi->
Might be a good way to get some attention on the issue
justanotheruser has joined #nixos-security
justanotheruser has quit [Ping timeout: 240 seconds]
justanotheruser has joined #nixos-security
filemon has joined #nixos-security
filemon_ has joined #nixos-security
filemon has quit [Ping timeout: 268 seconds]
filemon__ has joined #nixos-security
filemon_ has quit [Ping timeout: 240 seconds]
filemon__ has quit [Ping timeout: 268 seconds]
<tilpner>
samueldr: Ping tllim/open a ticket?
<samueldr>
the whole distro is tiring me... it *is* so hapazard, probably should come with a disclaimer from california about some risks
<samueldr>
now, because of some security incident at the factory, they have shipped some with windows viruses in the (FAT) boot partition, which is likely a stowaway from burning on windows machines
<samueldr>
so the update script has been updated to delete everything not expected from the partition :/
<samueldr>
update script which is of dubious quality, unzipping stuff on the FS
<tilpner>
D:
<gchristensen>
!!!!!
FRidh has quit [Quit: Konversation terminated!]
<IdleBot_59b8da4c>
Maybe the distro should be treated as just a «this is how you bring up the drivers» working demo…
<IdleBot_59b8da4c>
(which is a very useful thing for a niche platform, of course)
tilpner_ has joined #nixos-security
tilpner has quit [Ping timeout: 276 seconds]
ckauhaus has quit [Quit: WeeChat 2.6]
ris has joined #nixos-security
tilpner_ has quit [Remote host closed the connection]