> The module is unmaintained. Who do you suggest should do it? Will you?
Yes. I am contacting the security team and working on a patch already. The page mentions someone is currently working on the issue already however.
> "This software is broken so you shouldn't use it" is absolutely a perfectly reasonable solution.
I don't completely agree. If it's unmaintained, new installations shouldn't use it, totally agree. That doesn't help the 120K installations which are using the plugin though. It may take more time to impedance match apis, rather then fixing the security issue.
Looking at the source it took me < 5 minutes to find the actual vuln =/. Drupal saying "Just migrate away" is not the correct way to handle this disclosure. Some people can't switch immediately. A patch should be made available, and the module should be depreciated. Does Drupal have a way to update modules easily? If not, there should be...
Ah, yes some areas are lacking. I am more concerned about correctness though. Do you ever find math material that is completely wrong on Wikipedia? Stuff like number theory, abstract algebra, and category theory seem to hold up when I cross reference. I'm in no position to qualify myself as mathematician though, I just enjoy mathematics a lot.
I remember asking for a smaller monitor and getting some weird looks. To much screen space and I'm always turning my head left and right, was hurting my neck. I prefer virtual desktops and a tiling window manager.
That's really inspiring that you started your own business! I would love to hear more about what you do.
I'm dealing with some personal stuff and feel like I'm in the same boat, having to start my own business to have the flexible hours that I need. Any advice you can pass along would be appreciated.
Usually I diagram the very high level architecture of the program. Anything lower is to volatile and wouldn't reflect the design due to code changing all the time.
Root by itself does not break security entirely. Selinux policies and capabilities assigned to binaries can be used to drastically mitigate privileged processes from doing much harm.
Can you go into more details? Why did something take 30 minutes or longer to build? Was the environment being cleaned every time? Was an artifact server not being used?