Leak of Frameworks 5.88.0

[Neal Gompa]

On Fri, Nov 12, 2021 at 9:49 PM Ben Cooksley <bcooksley at kde.org> wrote:
>
> Hi all,
>
> It has recently been brought to my attention that packages of KDE Frameworks 5.88.0 have been prematurely released by the distribution PCLinuxOS, as visible at https://repology.org/project/krunner/versions
>
> This is somewhat concerning for several reasons, but in particular because they don't have an early access packager account of their own - meaning they obtained the packages from someone else (either because they directly shared their access, because they shared the packages with PCLinuxOS or because PCLinuxOS has discovered the location of source packages for one or more distributions).
>
> This is now the second time in as many months that packages have been made available earlier than they should have by one or more distributions.
>
> While this isn't a substantial problem, it is of concern as the purpose of the pre-release mechanism is to allow any final issues to be ironed out before the final release is announced and made publicly available - which this premature release is defeating.
>
> It would be appreciated if distributions could please review whether it is possible that PCLinuxOS obtained the packages via them and ask the PCLinuxOS team to please contact us as it would be preferrable that such premature leaks/releases did not take place.
>

I would be very shocked if PCLinuxOS interacts with the KDE community
at all. My understanding is that they're quite insular and they grab
package sources from other distros for their builds.

At least right now, Fedora Rawhide and Mageia Cauldron have KF5 5.88
committed and built. Chances are pretty good that they got it from
there. Fedora committed it 3 days ago. Mageia did it 4 days ago.

If you want them to hold back, you'll have to reach out to PCLinuxOS yourself.





--
真実はいつも一つ！/ Always, there's only one truth!