On Sun, 21 Jul 2013 17:46:45 +0200 Lars Seipel <lars.seipel@xxxxxxxxx> wrote: > On Sun, Jul 21, 2013 at 09:03:05AM -0400, Scott Robbins wrote: > > Are you using the rpm or the download from Calibre's site? Note > > that they do recommend one does not use a distro's version. > > Did they fix the serious security problems in the upstream-provided > packages? They used to install some exploitable helper program suid > root. The Fedora package (and most other distros') stripped that > binary and made Calibre use a more secure mechanism. Fedora never shipped this helper. We didn't need it, and it was suid and crazy. > The original bug[1] seems to have the status "Fix Released" but after > reading the discussion on the bug I'd really avoid installing their > packages. > > If the Fedora package doesn't work for you let's make it work. > > [1] https://bugs.launchpad.net/calibre/+bug/885027 > or LWN coverage at https://lwn.net/Articles/465311/ yes, all old history. it was also fixed upstream after his outcry. kevin
Attachment:
signature.asc
Description: PGP signature
-- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
