I am annoying, but something being low-risk and not effecting most customers doesn’t make it a “false positive”.
I am annoying, but something being low-risk and not effecting most customers doesn’t make it a “false positive”.
“A liar who lies repeatedly won’t be believed” is definitely equivalent to “A company conservatively warned that one of their products was dangerous in some specific situations.”
Hanging out with you sounds really fun.
lol and you said you weren’t big mad.
It’s not a matter of “less or more information[…]”
Escalating every such bug […] would quickly drown out notices that people actually care about.
If your argument is that a specific class of security bugs aren’t worth CVEs, then make that argument. Instead, you’re saying the CVE isn’t valid and making an argument about the risk assessment and development lifecycle (as if those aren’t part of a CVE) and not the class of security bug.
I have, this entire time, said it’s a valid CVE that you don’t care about and that you shouldn’t be working as a cybersecurity professional. You have conceded the first point and continued to demonstrate the later.
“Uh, no. The CVE is valid, but it’s not about that.” You say, scrambling. “The dev cycle! It was already scheduled for release, so it’s not necessary to disclose. If everyone disclosed security bugs, we’d have too much information and we wouldn’t be able to filter for the notices we care about.” You retort, not realizing that you had already conceded that this wasn’t about the fact you didn’t care about the CVE, and instead arguing that less information is better rather than building tools to cope with the number of CVEs that are increasing regardless of their relevance to you personally.
“Frivolous” “Frivolous” “Frivolous”
Is it because it’s a DOS? No. That’s valid.
Feature off by default? No, that still warrants CVE.
Feature labeled Beta or Experimental? Nope, still warranted.
You must be one of those newcomers big mad F5 now has control of the record and you can’t pad your cv.
Girl, you’re saying you trust software that documents security vulnerabilities that don’t apply to you less than one that doesn’t document those vulnerabilities?
A CVE isn’t a black mark on a projects reputation.
Because of the way you misused terms, I’m guessing you’re not particularly familiar with cybersecurity. It’s an ever more important field for sysadmins and devs. I recommend taking the time to learn more.
My neato.
Guy replies with a hyperbolic shitpost about capitalism.
OP replies sincerely.
I reply hyperbolically in turn.
You assume I’m serious, then assume media can only mean “the mass news media” while ignoring any subtler parallels about access to information and adoption. (e.g. Does reading and writing being expensive relate to the early internet where access and hosting were expensive? Does the evolution of the written word have parallels with the evolution of the internet?)
If I’m responding semi-seriously, I do want to note that it’s only in the American school system where there’s no writing until the west gets paper. Armies of scribes carved into stone, impressed into clay, and wrote onto vellum to blanket empires in written news.
I think that’s too generalized. Print and written media existed for literally thousands of years before marketing finance.
Touch some grass.
Hard agree. Regret only using Z1 for my own NAS. Nothings gone wrong yet 🤞but we’ve had to replace all the drives once so far which has led to some buttock clenching.
When I upgrade, I will not be making the same mistake. (Instead I’ll find shiny new mistakes to make)
This comment really crystallizes your nerd subtype. I may be a [6] but you from arguing with you, ya sound cute 💜
Enjoy your selfhosting journey!