unisoft 363 Posted Tuesday at 05:42 PM Posted Tuesday at 05:42 PM 20 hours ago, RanmaCanada said: And this is why I said that people here were making a mountain out of a molehill, and yet they still thought they knew better.. This doesnt alter the fact there should be a deidcated secutity page where facts can be published and the process of reporting new security issues. It would help everyone and avoid posts like yours where the community is either arguing against each other or towards the developers. 1
RanmaCanada 553 Posted Tuesday at 10:59 PM Posted Tuesday at 10:59 PM 5 hours ago, unisoft said: This doesnt alter the fact there should be a deidcated secutity page where facts can be published and the process of reporting new security issues. It would help everyone and avoid posts like yours where the community is either arguing against each other or towards the developers. They do have a a dedicated security page, it's just not on the forums, it's where it's supposed to be, on the github pages. There is also nothing to stop people from looking at the CVE pages to see what the dangers are, as everything is typically spelled out there in plain english (exactly what I posted). Yes we have a lot of ignorant users on the forums, but anyone with a functional brain would know to look at these places, and dumbing things down to the common people is something that I'd argue only needs to be done when it's something serious, which the dev team has done in the past, and this was not serious. Otherwise, people blow things out of proportion and get their knickers in a twist and start saying things they don't understand while puffing out their chests and act like they understand what they are talking about.. A little knowledge is dangerous, specially when those that have it don't understand what they have while claiming they do. 1 1 1
unisoft 363 Posted yesterday at 12:26 AM Posted yesterday at 12:26 AM 1 hour ago, RanmaCanada said: They do have a a dedicated security page, it's just not on the forums, it's where it's supposed to be, on the github pages. There is also nothing to stop people from looking at the CVE pages to see what the dangers are, as everything is typically spelled out there in plain english (exactly what I posted). Yes we have a lot of ignorant users on the forums, but anyone with a functional brain would know to look at these places, and dumbing things down to the common people is something that I'd argue only needs to be done when it's something serious, which the dev team has done in the past, and this was not serious. Otherwise, people blow things out of proportion and get their knickers in a twist and start saying things they don't understand while puffing out their chests and act like they understand what they are talking about.. A little knowledge is dangerous, specially when those that have it don't understand what they have while claiming they do. Odd then that Microsoft, Apple, Oracle and many others have dedicated web pages for it and dont expect end customers to know about git hub and trawling it. You make incorrect assumption that everyone is dumb or common people. CVE numbers can point to a security vulnerability, but they dont always tell you the full range of products affected and versions or mitigating workarounds that a software vendor would. If the information is clear and severity level clear then nobody is going to get their knickers in a twist like you say. I expect the info on the software vendors web site without having to go to 3rd party places. It's a response from them for a start..... 1
softworkz 5263 Posted yesterday at 01:50 AM Posted yesterday at 01:50 AM (edited) I am sure that every Microsoft, Apple or Oracle customer would cry with happiness for having the opportunity to get direct answers from the people in charge in a forum. Edited yesterday at 01:51 AM by softworkz 5
softworkz 5263 Posted yesterday at 01:51 AM Posted yesterday at 01:51 AM But seriously: The idea is plausible for sure. In fact, during the botnet incident two years ago, we had started a "Security Incidents" section as part of the documentation. And it just didn't work out. We've been busy all the time and couldn't keep it up-to-date continuously. And when it was updated and users were pointed at it, they still continued to ask questions, including things that were answered there. Nobody cared about it and we were answering questions in the forums all the time. At the end, even I had forgotten about it and it wasn't even updated with the outcome but nobody ever came asking about it. Eventually the section was removed, because nobody was interested in this anymore. We are small and cannot be compared with companies like MS, Apple & Co - this is a whole different world, and also we do not have that many security issues to deal with. In turn, a security page with less than a handful of incidents and maybe the newest being a year old would not make a good impression (people might easily draw wrong conclusions) and while there is an active incident, people would still be asking the same kind of questions and we'd see the same kinds of discussions like here (excepting the side-track about a "security page", but then probably about why it doesn't get updated by the minute). If it were a larger number - it might be a different story. We'll see and adapt to the situation if necessary. 3 1
RanmaCanada 553 Posted 21 hours ago Posted 21 hours ago 18 hours ago, unisoft said: Odd then that Microsoft, Apple, Oracle and many others have dedicated web pages for it and dont expect end customers to know about git hub and trawling it. You make incorrect assumption that everyone is dumb or common people. CVE numbers can point to a security vulnerability, but they dont always tell you the full range of products affected and versions or mitigating workarounds that a software vendor would. If the information is clear and severity level clear then nobody is going to get their knickers in a twist like you say. I expect the info on the software vendors web site without having to go to 3rd party places. It's a response from them for a start..... Yeah and I'm sure the CEO's of those companies answer questions directly on their forums, RIGHT? Comparing Emby to multi billion or trillion dollar companies is just the epitime of ignorance. Thanks for continuing to validate my points. Have a great day. 1
unisoft 363 Posted 45 minutes ago Posted 45 minutes ago (edited) 20 hours ago, RanmaCanada said: Yeah and I'm sure the CEO's of those companies answer questions directly on their forums, RIGHT? Comparing Emby to multi billion or trillion dollar companies is just the epitime of ignorance. Thanks for continuing to validate my points. Have a great day. You like insulting people don't you? You assume you are the greater authority, and that everyone else is stupid. You don't know my background, where I work, how long I have been in the industry etc. etc. CEO's don't answer anything on web sites or forums for those companies (usually). Instead you have program managers or actual developers or a department responsible doing it. Emby support is on here, I don't need to know about their background, just a mere question about a securiuy page so that posts in the forums are avoided and Emby looks more professional with regards to security and integrity of their products. Softworkz has explained the position, it could have been left at that, without you chipping in. I don't need smebody who gets off on gas lighting people for their fulfillment. Edited 38 minutes ago by unisoft
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now