Tootfinder

Opt-in global Mastodon full text search. Join the index!

@mcdanlj@social.makerforums.info
2024-04-19 21:37:30

First papercut with #Silverblue — I have roughly forever kept a symlink /m/media/johnsonm because I really don't like typing all that.
I built a local package with that symlink to get my symlink back, and then when I tried to install it immediately hit

@nobodyinperson@fosstodon.org
2024-04-11 09:06:34

#GNOMEBoxes doesn't see symlinked ISOs:
gitlab.gnome.org/GNOME/gnome-b
Not ideal for tracking your installation image files wi…

@kernellogger@fosstodon.org
2024-03-05 10:23:32

Weird or confusing #Git terms? I for one had no big problems with HEAD[1]. But for some strange reason another one caused me confusion for a long time:
"origin"
Sometimes I think Git should force users to name a remote when cloning a repo, as I guess it would make grasping the concept of Git remotes quite a bit easier for some people.
[1] @…

@mgorny@pol.social
2024-04-06 08:05:04

On 2024-03-19, two security holes were announced on the mailing list dedicated to Python security issues: "quoted zip-bomb" and "TemporaryDirectory symlink dereference during cleanup". Both were said to affect all current CPython releases.
The same day, new versions of Python 3.10, 3.9 and 3.8 were released. Interestingly, there were no releases for 3.11 and 3.12.
On 2024-04-02, Python 3.11.9 was finally tagged. Initially, the signature for the archive did not verify. Today, it already …

@mgorny@social.treehouse.systems
2024-04-06 08:05:04

On 2024-03-19, two vulnerabilities were announced on the #Python #security mailing list: "quoted zip-bomb" and "TemporaryDirectory symlink dereference during cleanup". Both were announced to affect all current #CPython releases.
The same day, security releases were made for Python 3.10, 3.9 and 3.8 branches. So far, so good. However, I found it surprising that there were no releases being made for 3.11 or 3.12.
On 2024-04-02, Python 3.11.9 was tagged. Initially, the signature on the source tarball didn't verify. Today, it does verify, but the release still doesn't seem to have been announced. However, what I found the most surprising is the lack of fixes for the security issues announced before! Was the release borked?
So I've checked in more detail… and it turned out that both issues were already fixed in 3.11.8 (and 3.12.2), so the security announcement was wrong. Sigh.
That said, #PyPy is still affected.
mail.python.org/archives/list/
mail.python.org/archives/list/
discuss.python.org/t/python-3-
bugs.gentoo.org/927299