When the Fedora Engineering Steering Council (FESCo) is up for election, the project posts interviews of the candidates in order to help Fedora contributors make an informed choice. This year, the candidates are Zbigniew Jędrzejewski-Szmek, Tomáš Hrčka, Josh Stone, David Cantrell, Fabio Alessandro Locati, and Kevin Fenzi. All of them except for Locati are current members of the steering council. Voting is open until December 20.
In 2019, the Python community had a lengthy discussion about changing the rules (that some find counterintuitive) on using break, continue, or return statements in finally blocks. These are all ways of jumping out of a finally block, which can interrupt the handling of a raised exception. At the time, the Python developers chose not to change things, because the consensus was that the existing behavior was not a problem. Now, after a report put together by Irit Katriel, the project is once again considering changing the language.
For a detailed description of how the exploit works, see this blog post.
Then, as the hash collision occurred, the server returns the overwritten build artifact to the legitimate request that requests the following packages. [...]
By abusing this, an attacker could force the user to upgrade to the malicious firmware, which could lead to the compromise of the device.