Much work is currently in progress to actually fix these issues. I see multiple merge requests across multiple repos being reviewed and merged. I think it makes sense to let that process happen. I see no indication of the issue not being taken seriously, even considering the hyperbolic and threatening way in which it was communicated mere days before a major software release that is already occupying everyone's time. Let's tone down the rhetoric and let developers do their jobs, now that they've been made aware of this critical issue.

Nate


On 2/8/22 02:53, Jonathan Riddell wrote:
You'll need to take this up with the maintainers of Discover and KNewStuff.  There's no reason why fixing the issue wouldn't resolve the problem as fast as removing it.

Jonathan


On Tue, 8 Feb 2022 at 06:53, Ben Cooksley <bcooks...@kde.org> wrote:

    On Tue, Feb 8, 2022 at 1:12 AM Jonathan Riddell <j...@jriddell.org> wrote:

        I'm not going to publish updates that just remove an important
        feature.  Rather there needs to be discussion in the normal KDE
        method and that feature should be fixed.


    Sorry but I'm going to categorically reject in the strongest
    possible terms the above statement.

    What you are in essence saying is that your view is that it is
    acceptable to conduct a distributed denial of service attack on
    someone (even if it is unintentional) and then refuse to disable the
    functionality in question while the issue is investigated in full
    and fixed properly.
    That quite simply is appalling.


        Jonathan


    Regards,
    Ben



        On Sun, 6 Feb 2022 at 18:46, Ben Cooksley <bcooks...@kde.org> wrote:

            On Fri, Feb 4, 2022 at 7:52 AM Jonathan Riddell <j...@jriddell.org> wrote:

                The tars for Plasma 5.24 are ready on deino for
                packaging in distributions.  Release is due next Tuesday.


            Hi Jonathan,

            I've now withdrawn these tarballs as they contain code that
            performs a denial of service attack on KDE.org infrastructure.

            As this affects more than just Discover (with KWin,
            plasma-workspace and kdeplasma-addons all containing defects
            that are part of this series as well) a full respin of all
            packages will be required.

            We also need patch releases of Discover for all versions
            going back to Plasma/5.18. While I appreciate that some of
            these are "out of support" the extraordinary nature of the
            problem we are facing requires it to be made (much like how
            Microsoft released a fix for Windows XP in the wake of WannaCry).


                Jonathan


            Thanks,
            Ben
