Re: xz backdoor

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 30/03/2024 15.45, Michael Catanzaro wrote:
On Sat, Mar 30 2024 at 12:26:48 PM +00:00:00, Christopher Klooz <py0xc3@xxxxxxxxxx> wrote:
 If I got Rich right, the malicious code is likely to be broken on F40,

No, that is not correct, as explained by [1] and [2]. We have already asked Red Hat to investigate and fix the blog post. This is still an evolving situation; apologies for the confusion as we sort this out.

[1] https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/BAO5S2VGTTWD6MHHCFHTAIAHZQFMOGAQ/
[2] https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/BAO5S2VGTTWD6MHHCFHTAIAHZQFMOGAQ/

Then we must have had some communication snafu regarding the Fedora Magazine article, because multiple people including myself flagged the incorrect statement there before the article was published. Hopefully we can get one this fixed, too.

Michael

In case someone from the Fedora Magazine is in the devel mailing list and reads this:

I am not sure if this is intended, but the article on the magazine already spread the false information that "testing" is disabled by default on F40 (this was also spread on LinkedIn - both have been already re-distributed into several channels), and now it says in the first section "Fedora Linux 40 Beta users only using stable repositories are NOT impacted".

I assume that users who already have the false information (which is already widely distributed) in mind do not feel corrected if they now read “Fedora Linux 40 Beta users only using stable repositories are NOT impacted”. They might simply come to the conclusion that they are not affected since they never enabled testing manually. The article does not correct the earlier information but leaves it as potentially valid.

I think you should make clear in the beginning that testing is enabled by default, and unless they changed it themselves, it has to be assumed to be enabled. With the false information spread already through many channels, I assume some people stop reading after the first section.

I just triggered Justin [1] but I am not sure if he is available at the moment. It would be cool if someone with privileges adjusts the article's first section.

[1] https://discussion.fedoraproject.org/t/attention-malicious-code-in-current-pre-release-testing-versions-variants-f40-and-rawhide-affected-users-of-f40-rawhide-need-to-respond/110683/41
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux