it would be better to remove item which not really be verified
passed(#12) from change log to avoid confusing.
ex. Mario is confused on
https://bugs.launchpad.net/somerville/+bug/1809721/comments/5
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
This bug was fixed in the package bolt - 0.5-0ubuntu0.18.04.1
---
bolt (0.5-0ubuntu0.18.04.1) bionic; urgency=medium
* New upstream version (lp: #1798014)
* debian/control:
- update the meson requirement according to the upstream changes
* debian/rules:
- drop use of the
@Mario, thanks, I agree with you wrote and marking it as verification-
done. The current system is not perfect but the issues are not
regression/worth blocked the SRUs which are pending and we can improve
thing in the next iteration.
** Tags removed: verification-failed-bionic verification-needed
@seb128, regarding comment #7:
That is exactly why I raised that bug upstream. The way that makes sense to me
is for popping up a GNotification when new devices are plugged in rather than
automatically authorizing or automatically "trying" to authorize unless you
know the device is "safe".
@al
@Alex, thanks for the input. Mario are you happy with those replies?
@Betty, thanks for testing, weird that it's not working though :/ That
said, that's not a regression over the current bionic version and while
it would be good to figure out why it's not working it's maybe not worth
blocking the
** Tags added: verification-failed-bionic
** Tags removed: verification-needed-bionic
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1800715
Title:
Prompt for credential when it shouldn't
To manage
Image: pc-timbuktu-bionic-amd64-X00-20181114-312.iso
Test machine: XPS 13
Thunderbolt 3 device: Dell dock TB16 BME
Test steps:
1. Enable "Security level - User Authentication" of Thunderbolt Adapter
Configuration in BIOS
2. Create a user "test-admin" and add in sudo group
3. Reboot and login with
The security team consider the existing behaviour is fine - ie.
automatically connect without authentication when an admin session is
logged in and is an active seat (ie. the screen / session is not
switched to some other users sessions / VT), and the screen is unlocked.
If someone has direct phys
Also note that the upstream behaviour is described on
https://wiki.gnome.org/Design/Whiteboards/ThunderboltAccess , they
decided to not show the dialog because they believe that most users
would not read/understand the question or the implication and would
click "yes" anyway so it wouldn't change t
ignore that previous common, would need to crash bolt itself, which is
less likely
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1800715
Title:
Prompt for credential when it shouldn't
To manage not
(one potential problem is
https://gitlab.freedesktop.org/bolt/bolt/issues/95 which would involve a
way to crash gnome-shell which wouldn't be uncommon)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/180
@Mario, I'm a bit confused on why you didn't raise those concerns earlier, you
knew about the upstream behaviour and even tested things on 18.10 for
https://gitlab.gnome.org/GNOME/gnome-shell/issues/709
It would have been nice to have that discussion upfront and not have it lock
the fwupd and bo
If I understand correctly, the attack would have to be on a logged in session.
So the attacker would have local access to the machine and the session already.
It is something for careful consideration though. I will loop in the security
team for their thoughts.
--
You received this bug not
My personal opinion aligns with YC actually.
It's specifically in the handling of a Thunderbolt device not just any
USB device. If a thunderbolt device is automatically authenticated it
does improve the usability at the expense of security.
A nefarious Thunderbolt device can trivially perform a D
@Yuan-Chen, you wrote "The user in admin group needs to enter the
password when they are doing something serious or potentially harmful to
the system" ... we are speaking about an action which happens when the
user has physical access to the machine (so he can connect the usb-c
device) with an unlo
It's new to me that it's designed in a way that a user in admin/wheel
group doesn't need to enter the password.
The user in admin group needs to enter the password when they are doing
something serious or potentially harmful to the system. If there could
be a potential security risk, why we should
Hello Sebastien, or anyone else affected,
Accepted bolt into bionic-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/bolt/0.5-0ubuntu0.18.04.1 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
https:
The issue has been fixed in cosmic, the fix is being SRUed to bionic now
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1800715
Title:
Prompt for credential when it shouldn't
To manage notifications
18 matches
Mail list logo
