On 30/03/2024 15.45, Michael Catanzaro wrote:
On Sat, Mar 30 2024 at 12:26:48 PM +00:00:00, Christopher Klooz
<py0xc3(a)posteo.net> wrote:
> If I got Rich right, the malicious code is likely to be broken on F40,
No, that is not correct, as explained by [1] and [2]. We have already asked Red Hat to
investigate and fix the blog post. This is still an evolving situation; apologies for the
confusion as we sort this out.
[1]
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.o...
[2]
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.o...
Then we must have had some communication snafu regarding the Fedora Magazine article,
because multiple people including myself flagged the incorrect statement there before the
article was published. Hopefully we can get one this fixed, too.
Michael
In case someone from the Fedora Magazine is in the devel mailing list and reads
this:
I am not sure if this is intended, but the article on the magazine already spread the
false information that "testing" is disabled by default on F40 (this was also
spread on LinkedIn - both have been already re-distributed into several channels), and now
it says in the first section "Fedora Linux 40 Beta users only using stable
repositories are NOT impacted".
I assume that users who already have the false information (which is already widely
distributed) in mind do not feel corrected if they now read “Fedora Linux 40 Beta users
only using stable repositories are NOT impacted”. They might simply come to the conclusion
that they are not affected since they never enabled testing manually. The article does not
correct the earlier information but leaves it as potentially valid.
I think you should make clear in the beginning that testing is enabled by default, and
unless they changed it themselves, it has to be assumed to be enabled. With the false
information spread already through many channels, I assume some people stop reading after
the first section.
I just triggered Justin [1] but I am not sure if he is available at the moment. It would
be cool if someone with privileges adjusts the article's first section.
[1]
https://discussion.fedoraproject.org/t/attention-malicious-code-in-curren...