[vbox-dev] Wait, what? 6.0.12?

Wed Sep 4 05:24:41 GMT 2019

The way that *I* understand that the update/upload process works:

1) Binaries are uploaded. That's the most time-consuming process.
2) Repo info gets auto-updated (what you saw Valdis).
3) The "index.html" in the download servers is updated (the one that you pointed to Sérgio)
4) The website gets updated.
5) The announcement is made in the dev. list.

Right now we're at 3), and I guess night hit Germany before they got to 4) and 5).

I don't think that Oracle can get hacked that easily, riots would ensure... :)

Socratis

> On 4/Σεπ/2019, at 03:05, Valdis Klētnieks <valdis.kletnieks at vt.edu> wrote:
> 
> Just checking, it wouldn't be the first time that a repository got
> hacked and a twiddled binary getting distributed.  Fortunately, it was
> signed, which eliminates the easy attacks - but it isn't like we've not
> seen attacks  on signing infrastructure before....