PlexSheep

Company: Here is a security vulnerability in your OSS project, please fix our production is vulnerable.

Random Guy working on OSS library in his free time: Sure, I have some time next month.

Random Guy works full-time, has a family and friends. Random Guy is not your supplier and has no obligations and warranties WHAT SO EVER, even implied. That's what the license of his project says.

If Company wants it fixed, they better allow him to work full time on it, or pay part time work. Or they pay someone else to maintain Project and send the changes to Project so Random Guy can take a little look and merge if he feels like it. Random Guy won't just merge company code and be done with it, more code in a codebase needs to be maintained now after all.

This also works with features of course. The time of Random Guy is valuable and if Company wants Random Guy to work on something they use, they'd better pay good money for that time.

I didn't really consider that there are feeds for such things, especially for my distro(s). Embarrassing, but it means you helped making me safer!

I'm now subscribed to the Debian security list, seeing as all my servers run Debian. I just had unattended upgrades with Mail logs before.

Didn't know this existed. Just subscribed. Thanks

This. Fuck cars

It is really informative! Spread the word.

Same for me. Ventoy is pretty amazing and keeps most of my isos on it. Sadly, sometimes it's not capable of doing the job, for example when I installed proxmox (based on Debian 12) this week, ventoy couldn't do it. Apparently this is a known issue in ventoy.

But yeah, for most isos, ventoy is the way of you install OSes somewhat often, as it contains partition layouts and boot records regardless (I think).

There is. Just use a media creation tool, like Rufus. dd'ing onto a drive is a hack.

This thread is targeted toxicity on LoL players.