Backporting of Discover/KNS fixes

A. Wilcox awilfox at adelielinux.org
Wed Apr 13 08:03:01 BST 2022 

On Mar 7, 2022, at 1:34 AM, Ben Cooksley <bcooksley at kde.org> wrote:
> Thanks to those who have now responded and your packaging work.
> Compared to when this incident began requests have now reduced noticeably.
> 
> Due to their failure to respond, I have now suspended pre-release package access for the following distributions:
> - Aosc
> - Manjaro
> - Mageia
> - PLD
> - Solus
> - Homebrew
> 
> With respect to Ubuntu and Debian, these two distributions are requested to advise when they have released the fixes.
> 
> I'm extremely disappointed in both Debian and Ubuntu for the delay they've had in releasing these updates. Their conduct falls well short of what I had expected.
> In the future items such as this will likely need a CVE to be requested for them (regardless of how appropriate that may be) to ensure these two distributions act appropriately.
>  
>> 
>> If those distributions could please acknowledged the steps they have taken that would be much appreciated (I'd really prefer not to have to send individualised followups)
>> 
>> Special mention in this goes to Ubuntu/Canonical, who currently have their release of the fixes held up in internal policies and workflows - despite representing half of the traffic being generated by this whole incident at one point in time.
>> (and it looks like users won't see the patches from them for at least another week). Suffice to say, i'm extremely displeased with them.
>>  
>>> 
>>> Thanks,
>>> Ben Cooksley
>>> KDE Sysadmin
>> 
>> Thanks,
>> Ben 
> 
> Regards,
> Ben 

I assume Homebrew didn't respond because they do not package Discover, or any part of Plasma.  The only (few) parts of Plasma that are packaged for Homebrew are in the KDE Invent repository[1].  Moreover, most of the formulae that made it upstream are maintained by KDE community members.

So, technically, you just suspended access to other KDE community members.  No real bother, as Git HEAD can be easily used anyway.


As for the rest of this message/thread, I highly recommend that everyone including Ben remind themselves of the KDE Community Code of Conduct[2].

Best,
-A.

[1]: https://invent.kde.org/packaging/homebrew-kde - to which I contributed Tellico and some fixes.
[2]: https://kde.org/code-of-conduct/

--
A. Wilcox (Sent from my iPhone)
Mac, iOS, Linux software engineer


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/distributions/attachments/20220413/0db679a6/attachment.htm>

More information about the Distributions mailing list