Hi Guinevere,
> TL;DR: as with most security issues, end users should update their systems.
>
> I think you may be caught in some news exaggeration. Don't get me wrong, this
> hack was a huge thing, but it was discovered early enough that most (i'd
> guess almost all) fedora users wont' have to do anything.
>
> For Fedora, the problem package was only in Fedora 40 Beta and Fedora
> Rawhide. If you are not running these packages, this isn't more than a "wow,
> that was a near miss" for the end user. If you are running either version,
> the xz maintainer has already rolled back the problem update, so if you use
> "dnf update" you are safe.
>
> Because of a stroke of luck (finding this as early as we did) its as simple
> as that, we have an assumed good version that users can 'update' to, and
> beyond that, us developers need to verify that the assumed good version is
> actually good, and if it isn't, issue new updates.
That was simply explained without burying it. Thanks.
Someone again in private complained at me for "I should have read" the Fedora
Magazine.
Somehow I am supposed to know that Fedora *Magazine* is the official info
source for FedoraProject, not the front page or even "News & Announcements".
I guess I do now.
Now read what is written at
https://fedoramagazine.org/cve-2024-3094-security-alert-f40-rawhide/.
Let me say I wish I had found your comment written in your way sooner! Even
when you suspect it may be the case it's harder to evade any news exaggeration
when it's not clear where to look or the places you do look are written in ways
you can't clearly understand. So one more time, Thanks.
Cheers!
Arnie
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
