According to the article, they're moving people to IPP (the protocol CUPS uses), with the difference that it will warn if configured with encryption disabled (I can't be bothered to check to see what CUPS does for transport encryption by default, but according to MS, it does support it out of the box).
Other things they mention are just a function of having access to the source code (CUPS drivers are mostly open source), and not letting people install DLLs with elevated privilege over the the printer network port (as far as I know, this was never a thing that cups supported). They mention XPS (isn't that dead yet? Is it more secure than PDF/A, or PS?) and Mopria (not sure what this is, but the specifications page on their webpage only mentions things that are obvious security holes: piping your print spool through the cloud, and having the device advertise using Bluetooth Low Energy)
Anyway, CUPS has none of the problems mentioned in the article from what I can see. (Except that it might be common practice to misconfigure it with transport security disabled).
> According to the article, they're moving people to IPP (the protocol CUPS uses)
I'd hate to spoil your revisionist history, but Windows has supported IPP out of the box since Windows 2000 (in 1999), right around the same time CUPS had its very first release.
CUPS did not invent IPP.
What eventually became IPP was initially proposed by Novell ('memba them?) back in 1996.
The difference is Windows already had this entire ecosystem of legacy print drivers whereas Linux had barely-functioning print services at the time. It's easier to move to something new when you can scrap the past wholesale.
It's amazing that Linux (and Mac and Solaris etc.) having decent printing is largely because of the work of one guy.
So, then what is this announcement? They're moving to WPP, which is... IPP but it warns on crypto downgrade, and is maybe incompatible?
I thought Windows defaulted to SMB for printer discovery, and not IPP. Anyway, from the announcement, they don't seem to be improving on what I'm used to getting from CUPS.
Maybe the announcement means "IPP Everywhere" instead of "IPP".
That is the extensions to IPP that adds network discovery (via multicast DNS) and 'driverless' printing (by mandating that prints support standard document formats). It probably also includes a standardised way for client to find out what paper sizes, duplex, quality, etc. settings the prints has.
Other things they mention are just a function of having access to the source code (CUPS drivers are mostly open source), and not letting people install DLLs with elevated privilege over the the printer network port (as far as I know, this was never a thing that cups supported). They mention XPS (isn't that dead yet? Is it more secure than PDF/A, or PS?) and Mopria (not sure what this is, but the specifications page on their webpage only mentions things that are obvious security holes: piping your print spool through the cloud, and having the device advertise using Bluetooth Low Energy)
Anyway, CUPS has none of the problems mentioned in the article from what I can see. (Except that it might be common practice to misconfigure it with transport security disabled).