Leak of Frameworks 5.88.0

Ben Cooksley bcooksley at kde.org
Sat Nov 13 02:49:32 GMT 2021


Hi all,

It has recently been brought to my attention that packages of KDE
Frameworks 5.88.0 have been prematurely released by the distribution
PCLinuxOS, as visible at https://repology.org/project/krunner/versions

This is somewhat concerning for several reasons, but in particular because
they don't have an early access packager account of their own - meaning
they obtained the packages from someone else (either because they directly
shared their access, because they shared the packages with PCLinuxOS or
because PCLinuxOS has discovered the location of source packages for one or
more distributions).

This is now the second time in as many months that packages have been made
available earlier than they should have by one or more distributions.

While this isn't a substantial problem, it is of concern as the purpose of
the pre-release mechanism is to allow any final issues to be ironed out
before the final release is announced and made publicly available - which
this premature release is defeating.

It would be appreciated if distributions could please review whether it is
possible that PCLinuxOS obtained the packages via them and ask the
PCLinuxOS team to please contact us as it would be preferrable that such
premature leaks/releases did not take place.

Thanks,
Ben Cooksley
KDE Sysadmin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/distributions/attachments/20211113/c0b3da78/attachment-0001.htm>


More information about the Distributions mailing list