On 01/04/2024 16.32, Michael Catanzaro wrote:
On Sun, Mar 31 2024 at 06:52:53 PM +00:00:00, Christopher Klooz
<py0...@posteo.net> wrote:
"Fedora Linux 40 branched users (i.e. pre-Beta) likely received the potentially
vulnerable 5.6.0-2.fc40 build if the system updated between March 2nd and March 6th.
Fedora Linux 40 Beta users only using stable repositories are NOT impacted. Fedora Linux
39 and 38 users are also NOT impacted."
-> only pre-beta, not beta, affected
-> F40 beta using stable NOT impacted (without challenging the previously
distributed assumption that testing is disabled by default)
That's still the same false information, isn't it?
It looks correct to me. The bug was fixed prior to the final release of F40 beta, so
describing it as "pre-beta" makes sense. And people who used only the stable
repos were indeed not affected. The article later clarifies that updates-testing is
enabled by default (although it would be nicer to do this higher up rather than lower
down the page).
Interesting. I thought the below note about "testing = enabled by default" was already
mentioned before. I was only worried about the top section. The abstract decides if people keep
reading, and with the previously spread information, I had doubt that the sentence motivates people
to read further. So I assume the "stable repo not impacted" sentence suggests something
false given the previously established context (default = stable, not testing).
Concerning your argument that the bug was fixed prior to the beta release, I
answered on the Fedora Discussion topic [1] (to avoid duplication here) since I
am not sure if I understand what you mean (and what it implies for the majority
of users).
Btw, thanks for your elaborations and clarifications in the recent days ;)
[1]
https://discussion.fedoraproject.org/t/xz-lessons-learned-if-how-to-involve-fedora-magazine-in-cve-handling/111255/16
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
