On Sat, Mar 30, 2024 at 6:32 PM Eddie O'Connor <eoconno...@gmail.com> wrote:
> Yeah...this looks like a "big" issue...wonder what the resolution
> is?....removal?...or
> just hunker down and wait for a patch/update from the devs?...

If you are one of the few who installed the "bad" version, you don't have to wait; updates that replace the "bad" version have been released.

It could have been a big issue, but a just-in-time "accidental" discovery means few systems were affected, a detection script is available, bad packages have been removed from repositories, and updating will remove installed "bad" packages. A few people may need to "clean" affected systems and regenerate keys.

This episode does, however, highlight underlying weaknesses of the open source ecosystem. Many open source projects are widely used but rely on unpaid developers. Some of the original developers are getting old or have other demands on their time. It appears to have been easy (perhaps too easy) for a well-funded and resourced entity to assume the role of an open source developer.

--
George N. White III