Diseased Open Source Software Community - it's about ethics in Code of Conducts

A major security flaw in Git just dropped. Arbitrary code can be run on your machine when you clone a repo.

Minimal example illustrating it is here:

Distros are scrambling to get ahead of this, or at least not too far behind it.

ETA:
Hacker News discussion: https://news.ycombinator.com/item?id=44502330
Debian bug (severity grave): https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108983
Homebrew PR: https://github.com/Homebrew/homebrew-core/pull/229423 (merged already)
NixOS PR: https://github.com/NixOS/nixpkgs/pull/423553 (merged)
Alpine MR: https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/86835 (merged)
And apparently it's been there for nearly 2 decades
 
So basically don't use git until further notice. Neat, very cool. RIP all the automatic docker kubernutz devgays getting supply-chain attacked as they git clone shit on a cronjob or whatever. Like the entire Rust economy is built on git. Who's unsafe now, rustsisters?
 
The past 5 pages prove beyond all doubt that there are no discussions left to be had on the internet, it's all about signalling affiliation. I only have to voice a single opinion on any subject and there's a neverending line of midwits ready to assign me a whole portfolio of (often contradictory) views and group memberships. Nobody listens to anything, it's all reduced to ingroup/outgroup dynamics. As evidenced by every time Rust is brought up.
 
RIP all the automatic docker kubernutz devgays getting supply-chain attacked as they git clone shit on a cronjob or whatever. Like the entire Rust economy is built on git. Who's unsafe now, rustsisters?
Most of it goes through crates.io which doesn't involve git clones.
For docker and kubernetes to get raped, they'd already have to be pulling malicious packages which could probably do whatever they want anyway. Same with any git cloned rust packages.
Distro package repos that pull in remote projects should be sandboxed as well, though there is a chance some aren't.

My bet is on nothing.
So basically don't use git until further notice.
Ah yes, the package I was about to build on my machine with user privileges and run with user privileges can now execute code slightly earlier.

Nobody should care unless they regularly clone untrusted code for inspection or something.
 
That is exactly how they come across. Anticapitalista, their head dev and admin, does toe the typical fagass line of "muh no raycism and biguts allowed on muh forum", but that's pretty much standard etiquette for 99.99% of forums these days. Still far, far afield from a full CoC. I am torn between them, PCLinuxOS and Artix as my new main OS. AntiX and PCLOS are the two biggest 100% sysd-free distros out there, everything else is pretty much just one-man projects with esoteric management systems like Obarun or Joborun. Artix is chud anti-sysd software but they still use elogind and dbus. I'm going to have to compromise on something either way, either on the software or political end. Such is life, I suppose. On that note, any PCLOS fags here that can spare some thoughts?
Saar, may I recommend Devuan, the 100% depoetterized fork of Debian, so that you may do the needful?

And apparently it's been there for nearly 2 decades
"Many eyes make all bugs shallow!" - Eric S. Raymond, retard at large
 
Also there is a rewrite of git in rust which probably doesn't have this issue. You can count on them being smug about it soon.
https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 said:
I find this particularly interesting because this isn't fundamentally a problem of the software being written in C. These are logic errors that are possible in nearly all languages, the common factor being this is a vulnerability in the interprocess communication of the components (either between git and external processes, or within the components of git itself).
 
I'll probably flip a coin to decide whether I go for AntiX or PCLOS tonight. Both are definitely super appealing as far as having absolutely zero systemd code goes.
My good saar, allow me to take this opportunity to shill artix.

But seriously, having access to the AUR with a helper is (in my opinion) the missing bit for Linux, and they're not just megachuds. They're reasonable people that are painted, in the same way metux has been, as drumpf nazi hilter 1488s.

They even already have Xlibre ISOs
 
https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 said:
I find this particularly interesting because this isn't fundamentally a problem of the software being written in C. These are logic errors that are possible in nearly all languages, the common factor being this is a vulnerability in the interprocess communication of the components (either between git and external processes, or within the components of git itself).
I read through the linked post and went to check if gitoxide is vulnerable, but wasn't able to do a recursive clone.
Turns out, gitoxide doesn't support submodule cloning yet (lmao).
 
So basically don't use git until further notice. Neat, very cool. RIP all the automatic docker kubernutz devgays getting supply-chain attacked as they git clone shit on a cronjob or whatever. Like the entire Rust economy is built on git. Who's unsafe now, rustsisters?
Using git is fine. Just don't use the submodule shit until it is fixed. And if you use submodules, just stop; submodules are something that should never have been added to git.

But anyway. If you git-clone third party repositories as part of your build process you are an idiot and you deserve everything that happens. Yes, that includes the rusters. There, I said it.
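Added example (mine, not code from git, from the dgl.cx post, or from anyone in this thread): the post above says to stay away from submodules until the fix lands, and a practical middle ground is to clone *without* `--recurse-submodules`, then inspect `.gitmodules` before running `git submodule update --init`. The scanner below assumes the publicly described shape of CVE-2025-48384: a submodule `path` value carrying an embedded carriage return, which git's config reader preserved when quoted but its writer did not quote when copying it into `.git/config`, so the path changed between `submodule init` and checkout. Ordinary CRLF line endings are not the signal (a CR right before the newline is a line ending, and the scanner treats it as one); a CR *inside* a quoted value is. The parser is a small reimplementation of the git-config syntax subset that `.gitmodules` uses, and the sample file is constructed, not from any real repository.

```python
"""Offline scanner for suspicious submodule paths in a .gitmodules file."""
import posixpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample. "vendor/libfoo" uses CRLF line endings (legitimate).
# "evil" hides a raw CR inside a quoted value (the CVE-2025-48384 shape).
# "escape" points outside the worktree. Hostnames are placeholders.
SAMPLE_GITMODULES = (
    '[submodule "vendor/libfoo"]\r\n'
    '\tpath = vendor/libfoo\r\n'
    '\turl = https://example.invalid/libfoo.git\r\n'
    '[submodule "evil"]\n'
    '\tpath = "evil\r"\n'
    '\turl = https://example.invalid/evil.git\n'
    '[submodule "escape"]\n'
    '\tpath = ../outside  ; trailing comment\n'
    '\turl = https://example.invalid/outside.git\n'
)

_SECTION = re.compile(r'^\[submodule\s+"((?:[^"\\]|\\.)*)"\]\s*$')
_ESCAPES = {"n": "\n", "t": "\t", "b": "\b", '"': '"', "\\": "\\"}


def _parse_value(raw: str) -> str:
    """Decode a git-config value: leading/trailing whitespace dropped,
    quoted runs kept verbatim (control characters included), backslash
    escapes expanded, unquoted '#' or ';' starts a comment."""
    out: List[str] = []
    ws: List[str] = []  # whitespace seen outside quotes, flushed lazily

    def flush() -> None:
        if out:  # never emit leading whitespace
            out.extend(ws)
        ws.clear()

    quoted = False
    i = 0
    while i < len(raw):
        c = raw[i]
        if c == "\\" and i + 1 < len(raw):
            flush()
            out.append(_ESCAPES.get(raw[i + 1], raw[i + 1]))
            i += 2
            continue
        if c == '"':
            quoted = not quoted
            flush()
        elif quoted:
            out.append(c)
        elif c in "#;":
            break
        elif c in " \t":
            ws.append(c)
        else:
            flush()
            out.append(c)
        i += 1
    return "".join(out)


def parse(text: str) -> Dict[str, Dict[str, str]]:
    """Parse .gitmodules into {submodule name: {key: value}}. A CR directly
    before the newline is a line ending; a CR anywhere else survives."""
    mods: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for line in text.split("\n"):
        if line.endswith("\r"):
            line = line[:-1]
        stripped = line.strip(" \t")
        if not stripped or stripped[0] in "#;":
            continue
        if stripped.startswith("["):
            m = _SECTION.match(stripped)
            current = m.group(1) if m else None  # ignore non-submodule sections
            if current is not None:
                mods.setdefault(current, {})
            continue
        if current is None or "=" not in stripped:
            continue
        key, _, raw = stripped.partition("=")
        mods[current][key.strip(" \t").lower()] = _parse_value(raw)
    return mods


@dataclass
class Finding:
    name: str
    path: str
    reason: str


def scan(text: str) -> List[Finding]:
    """Flag submodule paths with control characters, worktree escapes,
    or a .git component. Heuristic defence in depth, not a substitute
    for running a patched git."""
    findings: List[Finding] = []
    for name, entry in parse(text).items():
        if "path" not in entry:
            continue
        path = entry["path"]
        ctrl = [c for c in path if ord(c) < 0x20 or c == "\x7f"]
        if ctrl:
            findings.append(Finding(name, path, "control character %r in path" % ctrl[0]))
        norm = posixpath.normpath(path)
        if path.startswith("/") or norm == ".." or norm.startswith("../"):
            findings.append(Finding(name, path, "path escapes the worktree"))
        if ".git" in norm.lower().split("/"):
            findings.append(Finding(name, path, "path contains a .git component"))
    return findings


if __name__ == "__main__":
    import sys
    # newline="" keeps CR bytes intact instead of letting Python translate them
    text = (open(sys.argv[1], encoding="utf-8", newline="").read()
            if len(sys.argv) > 1 else SAMPLE_GITMODULES)
    hits = scan(text)
    for f in hits:
        print(f"{f.name}: {f.reason} ({f.path!r})")
    sys.exit(1 if hits else 0)
```

Run it as `python scan_gitmodules.py path/to/.gitmodules` between the plain clone and the `git submodule update --init`; a non-zero exit means stop and look. Opening the file with `newline=""` matters, since the default text mode would silently normalise the very bytes being looked for. This only catches the path-side of the problem; upgrading git to a patched release is still the fix.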
 
Saar, may I recommend Devuan, the 100% depoetterized fork of Debian, so that you may do the needful?
Thank you good saar, I will be redeeming the baharat Devuan most fastly!

My good saar, allow me to take this opportunity to shill artix.
Vishnu bless you honored brahmin saar, may you be redeeming ten thousand rupees!!! Jeetsneeding aside, both are very good options for sure. I'm probably going to settle for Artix despite elogind/dbus/udev. I've been meaning to get an XLibre system going and its looking like the chud buds are probably the best bet for achieving that. Thank you good saars for helping me find my new designated shitting system, may you redeem 10000 liters of cow urine for your good faith!
 
Lunduke is claiming that Leftist open source activists have protested him for a decade because, in their words, he made them feel unsafe by calling rapists criminally insane. He doesn't show any evidence of this, but, if true, I think this should be something more loudly proclaimed.
Every lunduke thumbnail for like 2 years was just him doing this face and it made me laugh enough not to hide his channel.
Does Lunduke read this thread?
Was watching this video and realized he's still not using his facecam. I thought at first he was just having technical difficulties or something, but did this thread calling him a soyjak literally bully him into turning the webcam off?
 
Soyjak's whatever. It's that he's a generally unlikable kike that he's trying to avoid drawing more attention to right now. Pixelslop isn't ethnic.
He is not trying to hide the fact that he's an annoying Jew, as I pointed out he just put out a video accusing free-palestine libtards of blood libel and he keeps doing the whole "how could they accuse a heckin jew of nazism, don't they know nazis hated jews".
 
The past 5 pages prove beyond all doubt that there are no discussions left to be had on the internet, it's all about signalling affiliation. I only have to voice a single opinion on any subject and there's a neverending line of midwits ready to assign me a whole portfolio of (often contradictory) views and group memberships. Nobody listens to anything, it's all reduced to ingroup/outgroup dynamics. As evidenced by every time Rust is brought up.
You've spent the last 5 pages knowingly defending a serial child molester. Your position is indefensible. We're not talking about anyone else.
The Wayland model of security.
Completely and utterly irrelevant to application development given the fact that if you are voluntarily executing the application's code, it's almost trivial for it to exploit your system and escalate privileges? It's probably the third biggest reason Wayland has had such a strained development after "Working as designed." and "What's your use case?"
 
Completely and utterly irrelevant to application development given the fact that if you are voluntarily executing the application's code, it's almost trivial for it to exploit your system and escalate privileges? It's probably the third biggest reason Wayland has had such a strained development after "Working as designed." and "What's your use case?"
Even Qubes OS, a paranoid security-focused distro, doesn't use Wayland. It puts everything in VMs which means X11's lack of isolation is irrelevant. "What's your use case" indeed.
 
Completely and utterly irrelevant to application development given the fact that if you are voluntarily executing the application's code, it's almost trivial for it to exploit your system and escalate privileges? It's probably the third biggest reason Wayland has had such a strained development after "Working as designed." and "What's your use case?"
I know this is the X11 circlejerk thread but I don't think the permission model is the problem with Wayland. Least privilege is good.

The problem is that "Working as designed" and "What's your use case" make the permission model an issue, and the only reason those are an issue is because most compositor/application developers try to start at getting a protocol merged instead of testing what works and what doesn't first.
I really hope that happens more and redhat loses its grip over the project but :optimistic:
Even Qubes OS, a paranoid security-focused distro, doesn't use Wayland. It puts everything in VMs which means X11's lack of isolation is irrelevant. "What's your use case" indeed.
The end goal here is obviously not to be Qubes. The goal is to work with sandboxing solutions like Flatpak so applications are no longer executing with user permissions, then plug the holes in the display server. Without sandboxing its nearly pointless but the goal is obviously to sandbox as much as possible. The end result is more akin to the security model of a phone than that of Qubes.

I hate Flatpak as much as the next self-respecting person, but sandboxing is a good thing.

Edit: Look at all the compositor-specific stuff in wayland.app that the various DEs have built because the standardized protocols are too limiting:
Wayland needs more of this, but slightly better specified and intended for app developers outside of their respective projects to use. The good ones would then become de-facto standards, similarly to what happened with the wlroots protocol set.
 