:(){ :|: };: is a user on infosec.exchange. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
:(){ :|: };: @jgoguen

Remember how systemd starting as root if the username starts with a digit isn't a bug? Turns out they're technically right. It's not a bug.

It's a bug worthy of a CVE. CVE-2017-1000082, which had to be requested by third parties. Like, I suspect, every systemd CVE ever.

nvd.nist.gov/vuln/detail/CVE-2

· Web · 33 · 18

@jgoguen amazing. It almost seems like systemd is a directed effort to destabilize Linux

@jgoguen imho not requesting a CVE is not really the problem. The problem is that they deny that's a bug, not even a security bug but a mere bug.

@Vigdis It smacks of serious lack of care for keeping end users (who care) and packagers and administrators informed of serious issues they're going to want to update to address. It just isn't acceptable for a project that wants to replace something as core as init, more so because they're trying to replace virtually every core important component.

@jgoguen getting a new Debian server soon, the first thing I'm doing on it is removing systemd.

@rysiek @jgoguen I think @maiyannah mentioned a while ago that it's quite easy to remove systemd and have the old init system back again. I havn't done that with !Freedombone, but if things with systemd keep deteriorating then I might.

@bob @jgoguen @maiyannah yeah, I remember, and that's exactly what I am planning to do.

@jgoguen And why does anyone think systemd is a good idea?

@Erin ¯\_(ツ)_/¯

End-users who have reasons for staying close to upstream, otherwise I have no polite opinions on that.