[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-release-team
Subject: Re: plasma 5.24 tars ready for packaging
From: Jonathan Riddell <jr () jriddell ! org>
Date: 2022-02-08 9:53:58
Message-ID: CANX=XXN12=ObADyUbMiQa17xL3tTF+oGHP5WxHf7DXu=e=Hq2Q () mail ! gmail ! com
[Download RAW message or body]
You'll need to take this up with the maintainers of Discover and
KNewStuff. There's no reason why fixing the issue wouldn't resolve the
problem as fast as removing it.
Jonathan
On Tue, 8 Feb 2022 at 06:53, Ben Cooksley <bcooksley@kde.org> wrote:
> On Tue, Feb 8, 2022 at 1:12 AM Jonathan Riddell <jr@jriddell.org> wrote:
>
>> I'm not going to publish updates that just remove an important feature.
>> Rather there needs to be discussion in the normal KDE method and that
>> feature should be fixed.
>>
>
> Sorry but i'm going to categorically reject in the strongest possible
> terms the above statement.
>
> What you are in essence saying is that your view is that it is acceptable
> to conduct a distributed denial of service attack on someone (even if it
> unintentional) and then refuse to disable the functionality in question
> while the issue is investigated in full and fixed properly.
> That quite simply is appalling.
>
>
>> Jonathan
>>
>
> Regards,
> Ben
>
>
>>
>>
>> On Sun, 6 Feb 2022 at 18:46, Ben Cooksley <bcooksley@kde.org> wrote:
>>
>>> On Fri, Feb 4, 2022 at 7:52 AM Jonathan Riddell <jr@jriddell.org> wrote:
>>>
>>>> The tars for Plasma 5.24 are ready on deino for packaging in
>>>> distributions. Release is due next Tuesday.
>>>>
>>>
>>> Hi Jonathan,
>>>
>>> I've now withdrawn these tarballs as they contain code that performs a
>>> denial of service attack on KDE.org infrastructure.
>>>
>>> As this affects more than just Discover (with KWin, plasma-workspace and
>>> kdeplasma-addons all containing defects that are part of this series as
>>> well) a full respin of all packages will be required.
>>>
>>> We also need patch releases of Discover for all versions going back to
>>> Plasma/5.18. While I appreciate that some of these are "out of support" the
>>> extraordinary nature of the problem we are facing requires it to be made
>>> (much like how Microsoft released a fix for Windows XP in the wake of
>>> Wannacry)
>>>
>>>
>>>>
>>>> Jonathan
>>>>
>>>>
>>> Thanks,
>>> Ben
>>>
>>
[Attachment #3 (text/html)]
<div dir="ltr"><div>You'll need to take this up with the maintainers of Discover \
and KNewStuff. There's no reason why fixing the issue wouldn't resolve the \
problem as fast as removing \
it.<br></div><div><br></div><div>Jonathan</div><div><br></div></div><br><div \
class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 8 Feb 2022 at 06:53, \
Ben Cooksley <<a href="mailto:bcooksley@kde.org">bcooksley@kde.org</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div \
dir="ltr">On Tue, Feb 8, 2022 at 1:12 AM Jonathan Riddell <<a \
href="mailto:jr@jriddell.org" target="_blank">jr@jriddell.org</a>> \
wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" \
style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>I'm not going to publish \
updates that just remove an important feature. Rather there needs to be discussion \
in the normal KDE method and that feature should be \
fixed.</div></div></blockquote><div><br></div><div>Sorry but i'm going to \
categorically reject in the strongest possible terms the above \
statement.</div><div><br></div><div>What you are in essence saying is that your view \
is that it is acceptable to conduct a distributed denial of service attack on someone \
(even if it unintentional) and then refuse to disable the functionality in question \
while the issue is investigated in full and fixed properly.</div><div>That quite \
simply is appalling.</div><div><br></div><blockquote class="gmail_quote" \
style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><div \
dir="ltr"><div><br></div><div>Jonathan</div></div></blockquote><div><br></div><div>Regards,</div><div>Ben</div><div> \
</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px \
solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><br></div></div><br><div \
class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, 6 Feb 2022 at 18:46, \
Ben Cooksley <<a href="mailto:bcooksley@kde.org" \
target="_blank">bcooksley@kde.org</a>> wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr">On Fri, Feb 4, 2022 \
at 7:52 AM Jonathan Riddell <<a href="mailto:jr@jriddell.org" \
target="_blank">jr@jriddell.org</a>> wrote:<br></div><div \
class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div \
dir="ltr"><div>The tars for Plasma 5.24 are ready on deino for packaging in \
distributions. Release is due next \
Tuesday.</div></div></blockquote><div><br></div><div>Hi \
Jonathan,</div><div><br></div><div>I've now withdrawn these tarballs as they \
contain code that performs a denial of service attack on KDE.org \
infrastructure.</div><div><br></div><div>As this affects more than just Discover \
(with KWin, plasma-workspace and kdeplasma-addons all containing defects that are \
part of this series as well) a full respin of all packages will be \
required.</div><div><br></div><div>We also need patch releases of Discover for all \
versions going back to Plasma/5.18. While I appreciate that some of these are \
"out of support" the extraordinary nature of the problem we are facing \
requires it to be made (much like how Microsoft released a fix for Windows XP in the \
wake of Wannacry)</div><div> </div><blockquote class="gmail_quote" style="margin:0px \
0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div \
dir="ltr"><div><br></div><div>Jonathan</div><div><br></div></div></blockquote><div><br></div><div>Thanks,</div><div>Ben \
</div></div></div> </blockquote></div>
</blockquote></div></div>
</blockquote></div>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic