On Mon, Apr 1 2024 at 10:25:16 AM -07:00:00, Adam Williamson
<adamw...@fedoraproject.org> wrote:
Oh, ISWYM. Well, I suppose yes, that does happen to be true. We could
communicate that if it's done very carefully and made really clear
that
it's about the *time frame*, nothing to do with the repositories.
It's been brought to my attention that the Fedora Magazine article [1]
has been updated yet again, and now it warns that the 5.6.0-3.fc40
build was "tainted." This build is not affected by the backdoor because
ifuncs were disabled.
I'm quite frustrated now. The message from Richard and other engineers
has been very consistent. The bad builds are 5.6.0-1.fc40 and
5.6.0-2.fc40. We have been saying as much since Friday. Please fix the
article once again.
(There is no strong reason to believe 5.6.0 is otherwise worse than
5.4.6, since both versions were released by the same attacker. It
doesn't make sense to refer to the -3 build as "tainted.")
Michael
[1] https://fedoramagazine.org/cve-2024-3094-security-alert-f40-rawhide/
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
