Hello everyone,

Would like to hear thoughts of knowledgeable people on recent security report: https://www.kde.org/info/security/advis ... 1114-1.txt

Will quote it here:

The package archive used by KDE neon was incorrectly configured
allowing anyone to upload packages to it. There is no reason to think
that anyone actually did so but as a precaution we have emptied the archives
and removed ISOs built before this date. The archive is being rebuilt
and ISOs regenerated.

I would like to know how big is a chance someone put malicious code into the archive? Any research has been done?

If someone is interested can read comments about the problem here: http://jriddell.org/2016/11/14/upgrade- ... ity-issue/

We have no reason to think anyone did compromise the archive, we just found a way in which someone could and it's always best to cover the worst case for security so we've rebuilt and new images are available for a reinstall. There's no reports of any problems but let us know if you come across anything suspicious.

I just went and downloaded the new image and used rosaimage writer and reinstalled. I love this distro and Plasma 5.8 so much that I will give it another chance.

misswham wrote:I just went and downloaded the new image and used rosaimage writer and reinstalled. I love this distro and Plasma 5.8 so much that I will give it another chance.

Same here. I do hope that we are safe with Neon.

And thanks to the Neon team for being open and letting everyone know about the problem.