[pitkali]

The sentiment against OS X might not show that strong, but it is clearly there. She doesn't even mention that what protects /usr/bin is System Integrity Protection, or that it can be disabled. The very idea that people might not be using system git is not even mentioned.

All in all, it really feels as if it was written from the perspective of someone that does not usually work with OS X and does not know the system well. In other words, she has not done her homework. Which is fine, if you acknowledge what you don't know. But then the condescending tone would be totally out of place.

The sentiment is there, and it does not help in spreading the message, unless what you really want is to flare up all the emotions. Otherwise, it's not the best course of action.

Fun fact, since we're comparing default system installations, my Ubuntu apparently still has git 2.5.0. I suppose I should find some PPA or something to update it.

[developer2]

That point about Linux distros such as Ubuntu is something I was looking to mention, but I'm not 100% sure I have my facts straight. That said, here's what I believe is the case. ;)

The repositories can be similar to OS X in terms of providing really outdated versions of many packages. The same day Ubuntu releases a new version of the OS, packages can already be over a year out of date from the releases made by the software's developer.

The distros won't update the official repositories with newer versions of software once the version is pinned during the testing phase of the OS, due to the extensive amount of quality assurance that goes into ensuring system-wide stability. Their reasons are justified, but the end result still means you're typically not running the best and latest of anything.

Things are a little more difficult to understand with versioning in Linux. You may have git 2.5.0, but if you're on a release of the distro for which support is still ongoing, those CVEs are probably fixed due to backported security patches that don't bump the software's version number. In this manner, official repositories on Linux distros usually give you outdated software in terms of new features, but keep you entirely up to date in terms of security.

Information for Ubuntu in particular: https://wiki.ubuntu.com/StableReleaseUpdates

And then... TIL about the backports repository: https://help.ubuntu.com/community/UbuntuBackports

[teacup50]

So what if there's a "sentiment against OS X"?

I've been using Macs for 30 years, including OS X since the 10.0 beta, and the recent changes have left me with a "sentiment against OS X" not unlike the "sentiment against Mac OS" that we had in the 90s when things went pear shaped.

There were people saying we shouldn't speak ill of System 7.5 back then, too.

OS X isn't a systemically marginalized group, it's a product that people are increasingly unhappy with. You may disagree as to why, or with the trade-offs involved, but we're not ignorant as you think we are; SIP likely isn't mentioned because it's obvious.

[pawadu]

That git 2.5.0 on your ubuntu was patched about a month ago (to be exact: March 21, the same day Ubuntu published the advisory).

So fun fact indeed :)

[r3bl]

I just checked my Ubuntu 14.04 and got this as an output:

    $ git --version
    git version 1.9.1

Unacceptable.

[pritambaral]

14.04 is an LTS release, which is, by definition, stable. 2.8.0 (latest, what I'm running) is vastly different from 1.9.1.

Stability is not the same thing as insecurity. As long as a stable release is supported, the maintainer promises to keep it secure. If your version of git had that vulnerability, Ubuntu would have backported the patches/fixes and made it available to you.

The version number 1.9.1 is a release identifier, not a security status identifier.