Wonder how these play out against the https://github.com/X11Libre/xserver base, would be interesting to hear from that end as to how these things are handled. My understanding is that they address any sec issues that arise on x.org but it would be fascinating if the issues are already mitigated since XLibre updated their xserver port with 1000s of issues that were never addressed on the x.org side of things.
On their github you can see all three changes identical to x.org's happened on October 28th (same day as the advisory). So, they were not already fixed, but the fixes were applied immediately.
The problem with XLibre is political, not technical. When they came out they made a big deal of being the anti-woke free-speech no-vaccine-mandate alternative to woke cancel-culture Xorg, which instantly ruined their reputation before it even began.
Your comment is missing how the project initially presented itself and the main dev being an anti-vaxxer certainly puts those words into a bad context.
In essence, that's not a lot different different from the section I linked to in the current version. But I appreciate that the dev could have curbed his emotions while writing the README.md, if for no other reason, then to cater to public appearance.
As for the lead dev's stance on mandatory vaccination, that should not play a role in assessing the need for and the technical merits of the project. Attempting to cancel a project based on such personal views of its maintainers is exactly my issue here.
I can't possibly be the victim of anything as long as you stick to the party line. After all, isn't doing its bidding new morality, and isn't its opposition nothing but evil ghouls? </sarcasm>
If I really hated people, perhaps I would suggest to troubled ones that hating their own body to the point of mutilating it is the solution to their problems
That's the fork where the primary cause was to be "anti-woke", right? Honestly it seemed like it was just because that one guy was a little unbalanced, and he happened to be channeling that energy into an X server fork.
which mattered because everyone pulls from master, because xorg stopped doing proper releases. it's certainly something to bear in mind if you intend to run xlibre though.
I don't think "everyone" pulls from master - "everyone" run the distributions, and they always pin to the specific git commits. Only people who run xorg master are the ones who want bleeding edge, and those would be using it no matter release or not.
And it's not like metux will suddenly become more careful just because he does not have to worry about other anymore. If anything, I expect there to be much faster changes and much more breaking things... Here is a great quote [0]
> @metux that you've had to fix this bug twice (!1844 (merged), !1845 (merged)) shows a lack of attention and care. This was a known regression, with clear reproduction steps, and at first glance, it does not look like you tested your PR at all.
> And that goes in general; I really haven't seen the level of care and attention I would expect to see in these patches; several of them had obvious buffer overflow issues that would have easily been caught if tested.
I'm not even trying to say they shouldn't have kicked him out, just that it had nothing to do with wokeness, and more to do with philosophy of how the project should be run.
An X server code base is such a niche topic, do you honestly think Xorg or any other project is capable of being a "woke" X server? It sounds more like this one guy has some issues and is trying to blame something he is already bitter about.
