i know no one cares because i'm not a security researcher but linus signed off on cryptographic vulnerabilities in the 7.0 release candidate back in march when the US starting bombing iran and i strongly suspect this was not the first or last time
@hipsterelectron I'm also not a security researcher. What does this mean?
@Azuaron an early exit was added to signature checking for ML-DSA variant module signing by red hat engineer david howells enabling the loading of unsigned kernel modules along with a host of other changes that enable local privilege escalation and various other rootkits
@Azuaron i should say IBM engineer since it's not red hat anymore
@hipsterelectron Is the implication that this was done so the US could do cyberwarfare against Iran? I'm a little confused on that connection.
i'm literally just the one person who cares about build systems for the right reasons
@hipsterelectron I think at some point everyone who cares about things being done the right way ends up with some relatively ignored subject that everyone else thinks they care way too much about. (I think mine is system logs.)
@mathew oh that's a good one
@mathew i would read the shit out of a system log blog post
@hipsterelectron @mathew I care about system logs but in totally the wrong way. 😂
potentially also the one person who remembers most of make menuconfig by heart and knows when Kconfig semantics changed quite radically recently, soon after this event
now there's stuff you can't change without modifying the source, like io_uring/Kconfig
not going to start crashing out about git in this thread but when he was cruel to The One Nice Maintainer and told him to stop updating the gitignore files i noticed even before i understood what was happening