[vbox-dev] Wait, what? 6.0.12?
socratisk at gmail.com
Wed Sep 4 05:24:41 UTC 2019
The way that *I* understand that the update/upload process works:
1) Binaries are uploaded. That's the most time-consuming process.
2) Repo info gets auto-updated (what you saw Valdis).
3) The "index.html" in the download servers is updated (the one that you pointed to Sérgio)
4) The website gets updated.
5) The announcement is made in the dev. list.
Right now we're at 3), and I guess night hit Germany before they got to 4) and 5).
I don't think that Oracle can get hacked that easily, riots would ensure... :)
> On 4/Σεπ/2019, at 03:05, Valdis Klētnieks <valdis.kletnieks at vt.edu> wrote:
> Just checking, it wouldn't be the first time that a repository got
> hacked and a twiddled binary getting distributed. Fortunately, it was
> signed, which eliminates the easy attacks - but it isn't like we've not
> seen attacks on signing infrastructure before....
More information about the vbox-dev