On Tue, Sep 13, 2016 at 12:24:33PM -0400, Bastien Nocera wrote: > > > ----- Original Message ----- > > On Tue, Sep 13, 2016 at 07:30:07AM -0400, Bastien Nocera wrote: > > > > > > > > > ----- Original Message ----- > > > > I'm seeing 24 bugs at: > > > > https://apps.fedoraproject.org/packages/fprintd/bugs/all > > > > including a potential security one: https://bugzilla.redhat.com/1333882 > > > > > > Fedora's bugzilla is a garbage fire as far as I'm concerned. I already made > > > that abundantly clear I think. > > > > Well, https://bugzilla.redhat.com/1333882 is a security bug, blocking: > > https://bugzilla.redhat.com/1305770 which mentions: > > `` > > Upstream bug: > > > > https://bugs.freedesktop.org/show_bug.cgi?id=89407 > > `` > > > > and: > > `` > > This issue has been reported as far back as 2011: > > > > https://bugzilla.gnome.org/show_bug.cgi?id=651196 > > `` > > > > So, you may not care about Red Hat bugzilla, but there is a security bug > > issued > > in there for more than 6 months and which is referencing a bug "upstreamed" > > for > > 5 years. > > Which I don't consider to be a security bug, hence the reason why I didn't touch it. Could you elaborate a little on your reasoning/thoughts please? I am quite interesting to understand your point of view. >From where I stand, we are offering a way for someone to unlock someone's else computer without a password. I understand the procedure isn't straight forward: - Find unattended and unlocked laptop - Enroll your fingerprint - Gain access to the computer whenever you want I do realise that to do the second step you need access to the machine, which is pretty much the third step. But enrolling your fingerprint is likely less noticeable by the owner of the machine then, say, changing their password (which actually asks for the current password first), but will give you want you ask: permanent access to the machine (physically). This is all nicely theoretical but it still seems like something that should be fixed, no? Thanks, Pierre -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
