Post by Steve Litt via AleI can't blame you though. It was only a matter of time. Put Jeffrey,
Solomon and me on the same list and you're going to get a systemd
discussion. You just lit the fuse.
Going back to the original subject...
I remember RHL having a bug similar to this (ie improperly escaped shell
script arguuments in their DHCP client shell scripts) sometime in the
2000-2001 timeframe, that it was basically due to copy-pasting an ISC
example, and most other distos being independently affected. I also
recall that for some time afterwards, the ISC DHCP client's sample
scripts continued to be rife with similar bugs, and that there have been
a veritable laundty list of other security issues since then, including
two so far in 2018.
Blaming Red Hat for this one is deservedly fair, but let's not pretend
that ISC needs Red Hat's help to create exploitable security bugs in
their DHCP codebase.
That said, it's rather disingenuous to conflate this with anything to
with systemd, as yes, this bug predates systemd's existance, and in any
case does not involve the same individual contributors -- which brings
me to another point. Eeryone who's ever worked at Red Hat does not take
marching orders from some overarching cabal any more than you or I hold
the same opinions and motivations by virtue of subscribing to this
mailing list or (once upon a time) living in the Atlanta Metro area.
Meanwhile, if systemd makes everything RH has ever done or will do
irrecocably tainted, then you'd best get out of the Linux business
entirely, because RH is the single largest corportate contributor to
F/OSS in general -- not in the Google code dump over the wall manner,
but by directly making or otherwise sponsoring significant
upstream-first contributions to every layer of the stack [1], from the
Linux kernel itself; to core GNU utilities -- including and especially
GCC; to plumbing like KVM and container technologies; to rails,
servlets, and other application environments; to user applications like
LibreOffice. They also sponsor a ton of hardware enablement and related
infrastructure (networking, printing, graphics/compute, sound, plus
non-obvious things like ACPI, standardized firmware updating tools, and
refusing to support vendors that don't supply (and upstream) proper
drivers, which is really giving the various would-be ARM vendors
serious conniption fits!)
[1] https://community.redhat.com/software/
- Solomon
--
Solomon Peachy pizza at shaftnet dot org
Coconut Creek, FL ^^ (email/xmpp) ^^
Quidquid latine dictum sit, altum videtur.