plasma 5.24 tars ready for packaging

Ben Cooksley bcooksley at kde.org
Wed Feb 9 10:04:50 GMT 2022


On Wed, Feb 9, 2022 at 4:30 AM Nate Graham <nate at kde.org> wrote:

> Much work is currently in progress to actually fix these issues. I see
> multiple merge requests across multiple repos being reviewed and merged.
> I think it makes sense to let that process happen. I see no indication
> of the issue not being taken seriously, even considering the hyperbolic
> and threatening way in which it was communicated mere days before a
> major software release that is already occupying everyone's time. Let's
> tone down the rhetoric and let developers do their jobs, now that
> they've been made aware of this critical issue.
>

Please note that it is extremely important that backports and the making of
releases containing those backports is a critical part of the process of
rectifying this issue.
It cannot be left to just resolve itself via the organic process of users
updating their systems to major versions - because that won't happen for
months or longer and it is likely that the issue will continue to intensify
before it gets any better.

Based on data we have we know that a big proportion of the traffic is
coming from KF 5.86 based systems so these patches need backporting as
distributions will not ship major version updates to these users.
Patch releases however have a chance (especially if we prod packagers) of
making their way to those users within a matter of days.

To date all mentions I have made of backports being essential have been
ignored.


>
> Nate
>

Regards,
Ben


>
>
> On 2/8/22 02:53, Jonathan Riddell wrote:
> > You'll need to take this up with the maintainers of Discover and
> > KNewStuff.  There's no reason why fixing the issue wouldn't resolve the
> > problem as fast as removing it.
> >
> > Jonathan
> >
> >
> > On Tue, 8 Feb 2022 at 06:53, Ben Cooksley <bcooksley at kde.org> wrote:
> >
> >     On Tue, Feb 8, 2022 at 1:12 AM Jonathan Riddell <jr at jriddell.org> wrote:
> >
> >         I'm not going to publish updates that just remove an important
> >         feature.  Rather there needs to be discussion in the normal KDE
> >         method and that feature should be fixed.
> >
> >
> >     Sorry but I'm going to categorically reject in the strongest
> >     possible terms the above statement.
> >
> >     What you are in essence saying is that your view is that it is
> >     acceptable to conduct a distributed denial of service attack on
> >     someone (even if it is unintentional) and then refuse to disable the
> >     functionality in question while the issue is investigated in full
> >     and fixed properly.
> >     That quite simply is appalling.
> >
> >
> >         Jonathan
> >
> >
> >     Regards,
> >     Ben
> >
> >
> >
> >         On Sun, 6 Feb 2022 at 18:46, Ben Cooksley <bcooksley at kde.org> wrote:
> >
> >             On Fri, Feb 4, 2022 at 7:52 AM Jonathan Riddell <jr at jriddell.org> wrote:
> >
> >                 The tars for Plasma 5.24 are ready on deino for
> >                 packaging in distributions.  Release is due next Tuesday.
> >
> >
> >             Hi Jonathan,
> >
> >             I've now withdrawn these tarballs as they contain code that
> >             performs a denial of service attack on KDE.org
> >             infrastructure.
> >
> >             As this affects more than just Discover (with KWin,
> >             plasma-workspace and kdeplasma-addons all containing defects
> >             that are part of this series as well) a full respin of all
> >             packages will be required.
> >
> >             We also need patch releases of Discover for all versions
> >             going back to Plasma/5.18. While I appreciate that some of
> >             these are "out of support" the extraordinary nature of the
> >             problem we are facing requires it to be made (much like how
> >             Microsoft released a fix for Windows XP in the wake of
> >             WannaCry)
> >
> >
> >                 Jonathan
> >
> >
> >             Thanks,
> >             Ben
> >
>