Haelwenn /элвэн/ 
https://bugs.gentoo.org/971885 "app-editors/vim: Multiple High risk vulnerabilities in the past few days"
Pfahaha, makes me wonder if it's related to the vibe-code stuff it got in there lately.
sam@lanodan I don't use vim so not for me to do really, but I'm just waiting for someone to package one of these "boring forks".
From what I saw, at least some of these vulnerabilities (not sure if it's the ones in this bug but wrt the ones going around recently), they got introduced pretty recently and couldn't be repro'd on say Debian stable, so any fork would likely be okay if it's from a little while ago..
@thesamesam Well I don't use it either (I use app-editors/vis) so it's kind of me being on the peanut gallery, otherwise pretty sure I probably would have packaged one of those boring forks already.
@lanodan Had a feeling. I feel like editors are one of those where you need someone who actually daily drives it to be sensitive to the various things that can go wrong, tweaked upstream defaults, blah blah
mid_kid@thesamesam @lanodan I am a heavy user of vim, but have never poked much at its internals (or bothered learning vimscript) so I've yet to notice any of this ensloppification.
Looking around, it seems that too much of the software I rely on has started using AI overnight, making it unavoidable. Drew even has a blog post on replacing rsync with tar due to this, something I really don't see being anywhere near equivalent.
As someone who consistently fights losing fights, this doesn't seem worth it.
Looking around, it seems that too much of the software I rely on has started using AI overnight, making it unavoidable. Drew even has a blog post on replacing rsync with tar due to this, something I really don't see being anywhere near equivalent.
As someone who consistently fights losing fights, this doesn't seem worth it.
@thesamesam @lanodan Also the forks essentially propose feature freezes. I don't see this being a viable long-term solution, as many of the features added since I started using it with vim7 have significantly uplifted the experience... If you were to keep new features somewhat in-sync, you'd basically be transcribing code instead of doing any development.
It's sad how things go, but I don't think there's a technical solution to this social problem...
It's sad how things go, but I don't think there's a technical solution to this social problem...