Jesus christ, you don't even know how to use quotes in a forum man.
Right, what part of "or it may" don't you understand? Thanks. You gotta be less insufferable.
Your 1, 2, and 3 above are hardly worth addressing, especially given you flat out don't understand the difference in a remote wireless threat that can be exploited from miles away, and one to your self contained home LAN (ssh password).
Okay got it. So you think the average person's home LAN, especially with gamers forwarding ports frequently on their shitty unpatched routers, is not a major concern or anything, but some hackerbro using a high powered bluetooth gun from 2005, using this one exploit hoping to get in, is the real risk here to everyone's MiSTer's and should be taken extremely seriously. Got it. Priorities brutha.
"hoping that no one would fact check you" lol dude. I picked a random seemingly easy to understand issue. And yeah, look how you beat your chest like king ape, and you turned out to be wrong re: impacted kernel version.
I mean, I said OR IT MAY, but okay. I wasn't wrong, I'm open minded, unlike you. You can ignore that all you want.
"Why didn't you point this out on the github issues page for the MiSTer linux repo" as I said above, Sorg has made his position on the Linux subsystem clear, both in his words that I pasted above, and in his refusals to support other PRs and issues in the past. Literally not worth my time. I'm free to discuss my concerns here on the forum, still, am I not?
Okay, so you have just inferred that he won't patch this particular vulnerability, solely because you have read his response to other adjacent issues from a long time ago. Sounds like you aren't putting in any actual effort into getting this fixed when you ostensibly care so much about it. That's a weird conflict between your stated motives and your actions here.
"if I can get the exploit figured out from your sources" you clearly don't have that skill level on deck. Lets not pretend, we both know few people here can check you on that claim, but you don't have to pretend with me. I mean you can't even work out the differences in the processor arch, let alone debug the potential impact. You could have simply looked at the kernel patch, but we both know you aren't really that invested in this part of your theatrics.
What's the purpose of your theatrics? What's your intent?
"Right, this guy is treating the MiSTer like it needs to be enterprise-grade secure" literally no one is doing that. The ask was for a basic package manager, and that updates to packages and the OS be handled like literally EVERY other linux platform on the planet.
No. Not every other linux platform on the planet. There are loads of embedded devices running linux that don't have package managers. The MiSTer is being treated by the project maintainer as an embedded device, and those are not "all" supplied with package managers. Sorry.
This topic is about how a package manager will solve the problems that you and your buddies were being vague about until now. At first it was to make the cores easier to update? lol, right. Now it's obvious you are of the same group trolls that have been spazzing out on twitter for months because they want to fork the MiSTer project to "destroy it", but still beg for the buildroot, despite claiming to have easily figured it out on their own (which is a confusing mess of contradictions anyways), while complaining about security only the last month or so, when before it was complaining about all sorts of other things that had nothing to do with security. Shifting your rhetoric when one method of propaganda doesn't work, it's kinda annoying.
Please keep talking about theatrics when that's all you are doing.
Your hyperbole, and exaggeration are cool though. "Package managers have overhead and the MiSTer isn't a general purpose linux distribution" was how we started on this path. viewtopic.php?p=22856#p22856
What? I didn't even say that lol. That was someone else.
"Them just asking for the buildroot is not productive" as if asking something on the issues page is a functional way to get something.
The Mr. Fusion creator literally figured out the buildroot on his own. I'm sure you could too. Probably should stop being lazy and do the work you are demanding others do for you. You aren't entitled to sorgelig agreeing with you. Go ahead and fork the project and see if you manage it better I guess. Compete in the marketplace buddy.
This is way off topic at this point, simply because you wanted to "check" someone on a simple example. Feel free to put this train back on the tracks.
You are the person who flew off the rails with the stupid security complaints about a hobby video games FPGA system that is in like 0.000001% of homes in mostly wealthy countries only. Now you are asking to re-rail the thread YOU derailed?
The fact remains, you folks act like basic linux package management has some huge level of overhead, and maintenance requirements. It isn't. Likewise, you advocate for this reinvention of the wheel, which is honestly way more complex than a proper update repo: https://github.com/MiSTer-devel/Updater ... updater.sh
Why are you lumping me in with someone talking about overhead? I did mention maintenance requirements however. For the most part the bash script has been barely ever changed, check the commits. It works. And the best part is, people that know how to edit bash scripts can easily contribute. Fixing problems with package configuration is often a little less likely to have more people contribute a PR or raise productive feedback to an issue.
The amount of effort put into explaining why MiSTer isn't right for a package manager twists my mind! Even if someone did the work to support it, the PR would be refused, we all know that.
Why would Sorgelig do the work for you? If you are such a quitter then you'll never know I guess. Have fun being perpetually angry and deciding to not do anything about it.