r4indeer | 2 years ago

What does this have to do with ImageMagick? They don't control the versions packaged by Canonical [0]. The bug you referenced is fixed in upstream, which you can access for free on GitHub.

Ubuntu users on 22.04 LTS or later are also unaffected, because the release came with a version that was already patched [1]. If you upgrade to a newer Ubuntu release, there is no need to pay for ESM.

Your comment makes it sound like the ImageMagick developers want money specifically from Ubuntu users to receive security patches, which is not true.

[0] https://github.com/ImageMagick/ImageMagick/discussions/6805#...

[1] https://ubuntu.com/security/CVE-2022-48541

Edited to add some links.

1letterunixname|2 years ago

You appear to be leaping to the wrong conclusion. The problem is Canonical charging money for security updates. CentOS, Alma, Rocky, Fedora, Debian, openSUSE, Arch, and 300+ other Linux distros don't charge money for security updates either. The moral of the story is "Don't use enshittifying corporate Linux distros run by crazy people."

r4indeer|2 years ago

This still has nothing to do with the ImageMagick developers, which the original comment implies: "Compare [sic] to codesign, vulnerability management is more concerning."

You are free to criticize Canonical for their business model, but that seems off-topic to me right now.

tremon|2 years ago

The problem of Canonical charging money for security updates is off-topic when we're discussing ImageMagick's code-signing troubles on Windows.