I'm claiming that the article is wrong and you're quoting the article at me? Yes I know what the article says because I read it, and then researched the vulnerability.
Which is by github user dirk1983, and if you read (translate) the readme, you will see that it's a ChatGPT front-end written by this user, not anything officially released by OpenAI.
The confusion comes from the fact that his repository (this front-end with the vulnerability) is just called "ChatGPT", and neither the journalist nor you did this basic search to find that out.
AFAICT this is not the OpenAI web interface, it's just a third-party web interface for ChatGPT that calls the OpenAI API and the author of this web interface called it just "ChatGPT".
Presumably the author of this article is incapable of actually doing the 2 minutes of research necessary to identify that this is not an official ChatGPT codebase that contains the vulnerability.
I've been using it for just over 6 months and it's perfectly fine as a desktop distribution. I'm enjoying that it's based on Debian Sid and I get a more up to date GNOME release than I would have with Ubuntu or Debian. The update process is a bit slow but you can just leave it downloading in the background and then reboot when it's ready. If you know that you want an immutable desktop distro based on Debian then I would definitely recommend it.
If you're using it for development then it's a bit more complicated as you'll need to get used to working in a distrobox container and understanding when it can and can't access the host system or communicate with programs running on the host system.
If you have the time and basic understanding to be able to switch your dev workflow to run inside a container, or if your dev environment never needs to interact with the base system that you're running it on, then it's perfectly usable for dev work - just a bit of a learning curve.
I'm claiming that the article is wrong and you're quoting the article at me? Yes I know what the article says because I read it, and then researched the vulnerability.
The CVE is: https://nvd.nist.gov/vuln/detail/CVE-2024-27564
Which was described in an issue in GitHub here: https://github.com/dirk1983/chatgpt/issues/114
Which relates to this GitHub repository: https://github.com/dirk1983/chatgpt/
Which is by github user dirk1983, and if you read (translate) the readme, you will see that it's a ChatGPT front-end written by this user, not anything officially released by OpenAI.
The confusion comes from the fact that his repository (this front-end with the vulnerability) is just called "ChatGPT", and neither the journalist nor you did this basic search to find that out.