IgnorantGuru's Blog

Linux software, news, and tips

Topic Closed

“Surprisingly I haven’t found much info on the topic searching the forums…”

“Please search before posting… Marked for deletion.”

This is good comic strip material.

I think something is not quite right in Archville. And speaking of deal breakers, I was thinking earlier today how quickly most devs address a root exploit, and how serious they consider the issue to Linux. How can any dev be so nonchalant (for years) about insecure package management, when it is nothing less than a root exploit?

March 7, 2011 - Posted by | Uncategorized


  1. Funny to see my thread posted! I found the curt response somewhat off-putting, even more so than the issue itself. I wouldn’t care so much if I didn’t love all the other aspects of Arch!

    Comment by MycoRunner | March 7, 2011

    • I agree that Arch has a lot going for it, as I’ve pointed out many times. It’s also showing some signs of decay and abandonment by some of its chief developers. We’ll see what its future holds.

      Comment by igurublog | March 8, 2011

  2. You make your own blog a comic strip, or a contender among gossip blogs. Seriously, I’m not trying to offend you, instead I’m rather surprised to see someone, probably quite talented, waste so much time on personal vendettas.

    Seriously, do you think developers will work harder because you through dust in the wind? The only result I can see is an unproductive Facebook-like grouping for an anti-cause.

    If it makes you feel better, so be it. The only sure thing though, is that when pacman gets this feature it’s not because you trash talked its community.

    Comment by KimTjik | March 8, 2011

    • You don’t show much respect for the free flow and exchange of ideas, even critical ones, or how such exchanges can be valuable. You seem most intent on shutting people up, so I’m sure you’re very comfortable with the likes of the Arch forums. Yet this isn’t the Arch forums – it’s my blog. This is where I say what’s on my mind. If you don’t like that, or anyone else here sharing their ideas, oh well. You’re free to wander elsewhere. You’re even welcome to bitch and complain about us sharing our thoughts, if that’s all you can think to say.

      Hard work by developers is only one component of development, and it doesn’t take years of hard work to create a basically secure package management system. I have offered an immediate technical solution to seriously degrade the issue, and several developers are willing and able to fix this NOW with a few lines of code. All that’s stopping us is the politics of Arch development – the primary developers are unwilling to address this promptly, and are also unwilling to allow anyone else to address it, as they have been for YEARS.

      So all that’s left is for the users of Arch to communicate to the developers that this is an important issue for them, to discuss the issue among themselves so users are informed and can make informed choices, and so users can also take what interim measures are possible. Since this is impossible on the Arch forums, I am bringing it up here, to the extent that satisfies me. Such discussion is not useless or unproductive – I’ve already learned a lot from the discussion here, as have others.

      Comment by igurublog | March 8, 2011

      • If you’ve read what I wrote in a previous thread, you would have known that my aim is not to “shut people up”. I’ve never said you shouldn’t write about this security issue, or to not suggest temporary solutions. On the contrary do it! I’m only reacting against your manner of conducting this dialogue and its insinuations. Do you understand what I’m trying to say?

        I haven’t any argue with you as a person, neither do I suggest I know who you are by the content of your blod. You’re probably a nice fellow, that’s the way I look at everyone even though being in sharp disagreement. When I said that this blog entry sounds like gossip, or replayed you comment about a comic strip, I don’t mean that you’re a gossiper personalised. You’re talented, know stuff, and hence I only wish you direct those assets more beneficially. I wish you the best of success.

        Why shouldn’t I respect a “free flow and exchange of ideas”, just because I believe you’ve chosen the wrong approach to a technical security issue of Arch package management, an approach I believe harms both parties more than it benefits? I don’t appreciate the Arch forum because of any friendship with its users; I hardly know anyone personally, or even have an interest in having friends I can’t interact with in flesh. Anyone on the Web can pretend, and fortunate or unfortunate seem to have a certain personality. Thus I’m appreciating the Arch forum because it’s more of a none fuss forum, something that fits well with my work flow and quite busy life.

        I’ve gone through the list of all threads you’ve participated in, and I can’t see anything odd. Two threads closed is nothing to be upset about, since it’s all about policy and not politics. A moderator even protected one of your threads, by a kind reminder of focusing on technical aspects and not allow a flame war. That benefited both you and others interested in you ideas. Being a single user doesn’t equal a right to have unlimited freedom, as anything unlimited in its conclusion limits someone else’s freedom. At times we ought to take even further steps back, to gain a higher value of common freedom.

        Comment by KimTjik | March 8, 2011

  3. What proper words… Super, brilliant thought

    Comment by Ирмен | March 9, 2011

Sorry, the comment form is closed at this time.

%d bloggers like this: