On Mon, Apr 1 2024 at 10:25:16 AM -07:00:00, Adam Williamson
<adamwill@xxxxxxxxxxxxxxxxx> wrote:
Oh, ISWYM. Well, I suppose yes, that does happen to be true. We could
communicate that if it's done very carefully and made really clear
that
it's about the *time frame*, nothing to do with the repositories.
It's been brought to my attention that the Fedora Magazine article [1]
has been updated yet again, and now it warns that the 5.6.0-3.fc40
build was "tainted." This build is not affected by the backdoor because
ifuncs were disabled.
I'm quite frustrated now. The message from Richard and other engineers
has been very consistent. The bad builds are 5.6.0-1.fc40 and
5.6.0-2.fc40. We have been saying as much since Friday. Please fix the
article once again.
(There is no strong reason to believe 5.6.0 is otherwise worse than
5.4.6, since both versions were released by the same attacker. It
doesn't make sense to refer to the -3 build as "tainted.")
Michael
[1] https://fedoramagazine.org/cve-2024-3094-security-alert-f40-rawhide/
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
