Readit News
grepknfss commented on Pijul is a free and open source (GPL2) distributed version control system   pijul.org/... · Posted by u/thunderbong
vlowther · 2 years ago
More than that. If you have ever had to fix a bug in code common to multiple maintained releases of a project, being able to apply the same patch to them all as its own thing instead of having multiple cherry-picked commits with identical content would be nice.
grepknfss · 2 years ago
I think giving a patch its own identity is a pretty neat concept and clearly different than the git approach, so thanks for this example!
grepknfss commented on Disputed, Not Rejected   daniel.haxx.se/blog/2024/... · Posted by u/HieronymusBosch
TomSwirly · 2 years ago
I'm technically aware, but do I really have the expertise and bandwidth to tell the difference between an actual CVE and one that isn't, for the whole database?

The database isn't really much use unless it's pretty accurate, as few of us have the ability to evaluate correctness.

In this case, where there's an anonymous report, and a clear, near-elementary level explanation of how the code in question cannot be a security violation and has since been removed, the CVE should just be deleted, to save bandwidth for everyone.

grepknfss · 2 years ago
> I'm technically aware, but do I really have the expertise and bandwidth to tell the difference between an actual CVE and one that isn't, for the whole database?

I sure don’t. But who does? Who gets paid by whom to make this all work? Apparently whatever is happening now ain’t it.

grepknfss commented on Disputed, Not Rejected   daniel.haxx.se/blog/2024/... · Posted by u/HieronymusBosch
grepknfss · 2 years ago
On the one hand it seems like, if you are reporting a security issue, you should presumably have some kind of PoC. On the other hand we’ve seen plenty of exploits that required chaining a half dozen not-obviously-exploitable issues to achieve a successful exploit. If someone at MITRE has to adjudicate these issues for every CVE in all possible programming languages for all possible exploits for all possible software… well that seems like a tough job anyway.

I think the people using the CVE database as some kind of official source of actual security issues, as opposed to reported potential issues, is the problem.

grepknfss commented on Show HN: PRQL in PostgreSQL   github.com/kaspermarstal/... · Posted by u/kaspermarstal
grepknfss · 2 years ago
You should make the first instance of “PRQL” in your readme a link to that project.

u/grepknfss

Karma: 6 · Cake day: February 19, 2024