[Dev] A security researcher has found 40 unknown zero-day vulnerabilities in Tizen

Maxim Khitrov max at bhsai.org
Thu Apr 6 12:28:11 GMT 2017


On Thu, Apr 6, 2017 at 4:12 AM, Carsten Haitzler <c.haitzler at samsung.com> wrote:
> I wish he'd actually filed bugs on http://bugs.tizen.org 8 months ago. Every
> platform and software has bugs.

Yea, but the other platforms generally try to fix those bugs when they
are reported. I filed this back in August (not security related, but a
serious issue nonetheless):

https://bugs.tizen.org/jira/browse/PTAPI-59

You guys definitely take bug reports seriously. When that went
nowhere, I posted about it on this list in December:

https://lists.tizen.org/pipermail/dev/2016-December/007243.html

Still zero progress. Each software update for the Gear S2 and S3
changed how sensor timestamps work, so we had to basically ignore them
to get our app to work. A new update was just released for the S3, so
I'm eager to find out what will break this time. This, of course, also
makes us question whether the sensor data is at all reliable. I didn't
bother reporting bugs in the Bluetooth framework because what's the
point? Then there is the problem of inaccurate documentation on
developer.tizen.org, which I won't even go into.

Anyone who has looked at review.tizen.org/git, and congratulations if
you actually managed to find what you're looking for there, pretty
much comes to the same conclusion: Tizen is a mess with really bad
code all around. I definitely won't touch it again once my current
project is over. You might want to focus on that first before
complaining that people aren't filing bug reports.


More information about the Dev mailing list