Leak of Frameworks 5.88.0

Nicolas Lécureuil kde at nicolaslecureuil.fr
Sat Nov 13 11:11:19 GMT 2021


Le 2021-11-13 04:15, Neal Gompa a écrit :
> On Fri, Nov 12, 2021 at 9:49 PM Ben Cooksley <bcooksley at kde.org> wrote:
>> 
>> Hi all,
>> 
>> It has recently been brought to my attention that packages of KDE 
>> Frameworks 5.88.0 have been prematurely released by the distribution 
>> PCLinuxOS, as visible at https://repology.org/project/krunner/versions
>> 
>> This is somewhat concerning for several reasons, but in particular 
>> because they don't have an early access packager account of their own 
>> - meaning they obtained the packages from someone else (either because 
>> they directly shared their access, because they shared the packages 
>> with PCLinuxOS or because PCLinuxOS has discovered the location of 
>> source packages for one or more distributions).
>> 
>> This is now the second time in as many months that packages have been 
>> made available earlier than they should have by one or more 
>> distributions.
>> 
>> While this isn't a substantial problem, it is of concern as the 
>> purpose of the pre-release mechanism is to allow any final issues to 
>> be ironed out before the final release is announced and made publicly 
>> available - which this premature release is defeating.
>> 
>> It would be appreciated if distributions could please review whether 
>> it is possible that PCLinuxOS obtained the packages via them and ask 
>> the PCLinuxOS team to please contact us as it would be preferrable 
>> that such premature leaks/releases did not take place.
>> 
> 
> I would be very shocked if PCLinuxOS interacts with the KDE community
> at all. My understanding is that they're quite insular and they grab
> package sources from other distros for their builds.
> 
> At least right now, Fedora Rawhide and Mageia Cauldron have KF5 5.88
> committed and built. Chances are pretty good that they got it from
> there. Fedora committed it 3 days ago. Mageia did it 4 days ago.
> 
> If you want them to hold back, you'll have to reach out to PCLinuxOS 
> yourself.

Hi,

i don't know if this is us or not but in any case we will be more 
careful on when we release.

When we receive the mail about new release can we have the real "embargo 
date" ?

-- 
Regards,
Nicolas Lécureuil
Mageia KDE Team


More information about the release-team mailing list