Backporting of Discover/KNS fixes

Ben Cooksley bcooksley at kde.org
Tue Mar 1 10:45:19 GMT 2022 

On Sat, Feb 19, 2022 at 10:11 PM Ben Cooksley <bcooksley at kde.org> wrote:

> Dear Distributions,
>

Hi all,


>
> It has recently come to my attention that some distributions have missed
> emails sent to this list recently regarding issues with Discover/KNS. As
> these issues are rather critical I am now requiring all distributions to
> explicitly acknowledge receipt of these emails and to declare the actions
> they have taken. As a reminder, end-user systems without these patches are
> participating in a distributed denial of service attack on KDE.org
> infrastructure.
>
> The two emails which distributions need to keep in mind are:
> - https://mail.kde.org/pipermail/distributions/2022-February/001140.html
> - https://mail.kde.org/pipermail/distributions/2022-February/001142.html
>
> These patches should be backported to all versions currently in support.
>
> For those distributions that have already backported these patches - thank
> you and apologies for the further inconvenience regarding this.
>

First, thanks to all those distributions which have acknowledged this email.
I have noted the following as having responded:
- KaOS
- Adelie
- Fedora
- Slackware
- Alpine
- Exherbo
- SUSE

Your work on this is very much appreciated - thanks for the excellent
service you've provided.

The following distributions have failed to respond to this:
- Aosc
- Archlinux
- Debian
- FreeBSD
- Gentoo
- Mageia
- Manjaro
- Neon
- NetBSD
- OpenBSD
- OpenMandriva
- PLD
- Solus
- Homebrew

If those distributions could please acknowledged the steps they have taken
that would be much appreciated (I'd really prefer not to have to send
individualised followups)

Special mention in this goes to Ubuntu/Canonical, who currently have their
release of the fixes held up in internal policies and workflows - despite
representing half of the traffic being generated by this whole incident at
one point in time.
(and it looks like users won't see the patches from them for at least
another week). Suffice to say, i'm extremely displeased with them.


>
> Thanks,
> Ben Cooksley
> KDE Sysadmin
>

Thanks,
Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/distributions/attachments/20220301/b07b2857/attachment.htm>

More information about the Distributions mailing list