On Thu, Apr 29, 2021 at 8:52 AM dieter
There exists a bug for it: https://bugzilla.opensuse.org/show_bug.cgi?id=1184326
Okay, thank you a lot for pointing to this bug. Wondering now though, if my system is theoretically or in the actual sense completely compromised, for real or virtually.

I observed the dup process. I checked with lsof what zypper was doing, and with lsof | grep zypper I have seen a lot of network entries where it connected to those mirror brained servers, but via http: the IP address or hostname and the :80 (http) at the end of the line was given for the service (webserver) that zypper connected to and fetched all those rpm files from. So when the whole dup process, for, I would bet, each and every rpm it fetched, printed out those missing key error lines and entries, then the dup process could have fetched "god" knows what kind of bits, thus totally compromising this system here.

When this bug report exists like in the beginning of April, how can SUSE folks push a piece of software with the attribute "release candidate" with such a serious security issue? Should I abandon this machine and start from scratch? How can this be of RC grade at all, with such essential security related things going so wrong? Am I only imagining things or exaggerating? Or is this a real attack vector and a real fail of the software developers?

I feel seriously disappointed and let down in these situations. Don't want to offend anyone personally, but in my opinion I want to "attack" the technical roles and stakeholders if this turns out to be true. I seriously dislike the situations when having this much power and responsibility and releasing this kind of situation on the public.

ty.