• I just tried to upgrade my 2.0 version of WordPress to 2.1.1 and found out that WordPress has been removed from standard circulation due to numerous security vulnerabilities. http://bugs.gentoo.org/show_bug.cgi?id=168529 It is a sad day when such a popular app such as this gets hit with this sort of thing. I’m hoping that developers at WordPress take note and move quickly to sort these concerns. Until I know I can trust this software again I’ve removed it from my server. I’ve looked at other blog software, but I like this the best so I’m hoping for a quick resolution. Maybe if things have been addressed someone from WordPress can contact the Gentoo folk and get WordPress back in standard circulation.


    DancesWithWords

Viewing 9 replies - 1 through 9 (of 9 total)
  • Well, there’s a fix…. 2.1.2….

    Thread Starter DancesWithWords

    (@danceswithwords)

    I’ve posted a request on the Gentoo programming forum for more info on this. I’ve had one response from one of the Gentoo devs and he does not seem to be satisfied that 2.1.2 addresses all GLSA concerns. But let me quote him: “it will probably last for a while, as it has had a stream of security issues lately.” This was his response to how long WordPress may be out of the standard installation stream.

    Not the answer I was hoping for.


    DancesWithWords

    *shrug* I’m not using the 2.1 branch at all, and I’m certainly not using any wp with gentoo…. but then again, if my OS decided I couldn’t use something because my OS thought it was “against my best interests”, I’m pretty sure I’d:

    A. NOT be a happy camper; and

    B. find another OS.

    Thread Starter DancesWithWords

    (@danceswithwords)

    Just different perspectives; for me a secure OS is more important than one possibly insecure app. Thing is, if I was a competent programmer I might be able to deal with these problems myself and still be able to run WordPress. Gentoo reflects my choices as well; when it comes to security I’d rather be conservative.

    I’ll be patient and wait until WordPress once again meets the security standards of my OS and I’ll re-install. In the meantime I’ll do without or use something else.

    I do appreciate your feedback though.


    DancesWithWords

    Nope, opinion, not feedback…. and in over 20 years with various MS OSes, I haven’t had one security incursion, virus, worm etc.

    So I don’t really worry much, because what I do works. And I do NOT allow the OS to decide what programs I run.

    Thread Starter DancesWithWords

    (@danceswithwords)

    I find it difficult to believe now that you said that you run Windows, and if you’ve been running Windows for 20 years then that does not necessarily make you an expert on OSes. In fact it argues the opposite of it.


    DWW

    Restating the obvious, (obviously),

    Ultimately, it’s up to the people that develop Gentoo to decide what comes with the distribution — that’s the way it is.

    The “good” thing is that they actually pay attention to these things, which pleases me, as a *NIX lover and user.

    It’s a privilege to be included within any LINUX/BSD distro and maybe a revocation of that privilege is what’s needed to clean up the code here, as it were.

    Frankly, and this is just one person’s opine : that branch was hastily released, again, in my opinion, just to meet a date, and that’s not how software ought to be developed, or released.

    And unfortunately, Matt is seemingly intent on continuing to use timelines to dictate his release schedule. (I would love to provide the link where he hashes out the dates – but I cannot find it currently. I just know I saw it a few weeks ago.)

    I’m more wondering how many security issues Gentoo has had over the years. 🙂

    And when they plan on masking Apache for all of their security issues they’ve had as well.

    Anyone else think that maybe, just maybe, those folks are overdoing it just a tad?

    Last time I checked Apache had not had a server compromised had they?

    Meaning that the server itself that hosted the files had not been compromised.

    And Gentoo has had plenty though I’m not sure what that has to do with anything. And it’s really a moot point. Like it or not, it’s up to them.

  • The topic ‘gentoo hard-masked wordpress due to too many…’ is closed to new replies.