That was simply explained without burying it. Thanks.

TL;DR: as with most security issues, end users should update their systems.

I think you may be caught in some news exaggeration. Don't get me wrong, this hack was a huge thing, but it was discovered early enough that most (I'd guess almost all) Fedora users won't have to do anything.
For Fedora, the problem package was only in Fedora 40 Beta and Fedora Rawhide. If you are not running these packages, this isn't more than a "wow, that was a near miss" for the end user. If you are running either version, the xz maintainer has already rolled back the problem update, so if you use "dnf update" you are safe.
Because of a stroke of luck (finding this as early as we did), it's as simple as that: we have an assumed-good version that users can "update" to, and beyond that, we developers need to verify that the assumed-good version is actually good and, if it isn't, issue new updates.
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
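The mail above says the fix for an end user is simply "dnf update" once you know which xz build you are running. The following script is an added example, not part of the mail or of Fedora's tooling, showing how a practitioner can check the installed xz-libs RPM against a list of known-bad upstream versions before and after updating. The affected version list (5.6.0 and 5.6.1) is an assumption baked into the script; the function names (xz_affected, installed_xz_version, check_system) are mine.

```shell
#!/bin/sh
# Added example (not from the original mail): report whether the installed
# xz-libs package is one of the upstream releases carrying the malicious code.
#
# ASSUMPTION: the affected upstream versions are 5.6.0 and 5.6.1. Adjust the
# list to match the advisory you are following.
AFFECTED_XZ_VERSIONS="5.6.0 5.6.1"

# xz_affected VERSION -> returns 0 if VERSION is in the affected list, 1 if not.
xz_affected() {
    v="$1"
    for a in $AFFECTED_XZ_VERSIONS; do
        [ "$v" = "$a" ] && return 0
    done
    return 1
}

# installed_xz_version -> prints the upstream version of the installed xz-libs
# RPM (e.g. "5.4.6"); returns 1 if rpm is not available on this system.
installed_xz_version() {
    command -v rpm >/dev/null 2>&1 || return 1
    rpm -q --qf '%{VERSION}\n' xz-libs 2>/dev/null | head -n 1
}

# check_system -> prints a verdict. Exit status: 0 not affected, 2 affected,
# 1 when the installed version could not be determined.
check_system() {
    v="$(installed_xz_version)" || { echo "rpm not found; cannot check"; return 1; }
    [ -n "$v" ] || { echo "xz-libs is not installed or the query failed"; return 1; }
    if xz_affected "$v"; then
        echo "xz-libs $v is an affected build: run 'sudo dnf update' now"
        return 2
    fi
    echo "xz-libs $v is not in the affected list"
    return 0
}

# Run the check only when asked to, so the file can also be sourced for its
# functions: XZ_CHECK_RUN=1 sh xz-check.sh
if [ "${XZ_CHECK_RUN:-0}" = 1 ]; then
    check_system
fi
```

Run it with `XZ_CHECK_RUN=1 sh xz-check.sh` on a Fedora host; a non-zero exit status other than 1 means the installed build is on the list and "dnf update" is the next step. The check is deliberately an exact string match on the upstream version rather than a range comparison, because a distribution rollback can ship an older upstream version under a newer package release, and a "greater than" test would misclassify that.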