> Thanks everyone. We're beholden to our hosting environment for upgrades and it looks like there was a bit of a slip-up here. It's being worked on, but for now the Downloads page is disabled.
Calling this a "slip-up" is an outrageous downplay. If anything this makes me suspicious of the moderator who posted the comment too. One does not accidentally prepare a zip file with a malicious exe and xubuntu-specific language, upload it to a server, and point a torrent link at it.
> Calling this a "slip-up" is an outrageous downplay. If anything this makes me suspicious of the moderator who posted the comment too.
You're making an assumption that this moderator is anything more than a Xubuntu enthusiast who wants to downplay outrage on Reddit. Keep in mind Xubuntu is mostly a community effort, not a large corporation with seniors who know how to handle this "best".
I am not making any assumptions, you are failing to do research.
Start by googling the username of the account. They are the Xubuntu Marketing and Website lead. This is the domain they are responsible for and, given their long history, they should know better.
Okay, they're not getting paid. That's worse! This gives them an incentive to be the one to inject malware to steal bitcoins because they haven't been compensated for all their hard work.
So, of course, you stay far, far away from any open source software and their maintainers, since many/most of them don't get paid and are obviously nothing but one giant perverse incentive. Never use them, right? Because we wouldn't want to think you're just a hypocrite dog-piling on someone's bad day.
This sort of thing must risk harming Canonical's reputation, so you'd think they'd want to use whatever leverage they have to enforce better practices.
It is an official flavor[1], that is, maintained as a community effort, but endorsed by Ubuntu. The related packages are hosted in Ubuntu's universe repository[2]. There is indeed a risk of reputation damage.
> Keep in mind Xubuntu is mostly a community effort, not a large corporation with seniors who know how to handle this "best".
which is why the whole distro zoo and "stick it to the man" theatre has always been a nightmare. Running some barely maintained operating system that is an nth-degree spin-off is like buying a pacemaker from craigslist. The number of people who go "I don't trust Canonical/Google" and then go download some binary blob browser fork/OS uploaded by an anonymous guy from the internet is way too large.
> Running some barely maintained operating system that is an nth-degree spin-off is like buying a pacemaker from craigslist.
If my options are between a barely maintained linux operating system which might compromise my data and a barely maintained windows operating system that is designed to compromise my data I'll take my chances with linux. At this point no one can be assured of their safety and all anyone can do is choose the lesser evil and hope for the best.
It's a stretch to call Windows a "barely maintained operating system". Windows probably has more paid contributors to the Start menu than Ubuntu has total employees. The Windows software is generally rock solid, if frequently spammy (which an advanced Windows user can mostly fix in 30 minutes, especially in Europe).
I luckily hardly use any Windows so I refrain from commenting on its (maintenance) quality.
But I have to use another MS product daily: Teams. It's a product with very poor usability. Even simple things like tracking which message you have read and which one you haven't don't get better upgrade after upgrade. I am sure they have a huge development budget and tons of paid developers. The number of paid developers can be completely uncorrelated to quality.
(I am sure zulip has just a little fraction of paid developers, but it is a program in the same domain that works muuuch better.)
Not a great day to try to argue how well maintained and "rock solid" windows is considering the issues it's having (see https://www.techpowerup.com/342032/windows-11-25h2-october-u...) not to mention all the other updates that've caused data loss or broken things and that's just windows 11! Just paying a bunch of people to push out updates isn't enough for a well maintained OS.
You are focusing on the least interesting part they said. Even if Windows is rock solid, it is still out to steal your data 100% and there might be a chance some linux distro is doing the same. When it does, it ends up being flagged by users as happened now. When Microsoft does it, nobody is surprised though.
I've used both Windows and Linux for 20+ years and I can count the major issues I've had with both on one hand. Yes, sometimes they both botch QA but you can also live with both without major issues.
Oh, and that update - fairly sure it was optional.
The usual lesson applies, never install version 1.0. Install 1.0.5 or even better, 1.1.1.
> which is why the whole distro zoo and "stick it to the man" theatre has always been a nightmare.
The real obnoxiousness is that Ubuntu doesn't keep these desktop and otherwise specialized variants partially in-house like they once did. It isn't like they don't have the money or the staff. It's just not part of their world takeover plan anymore; no deviation allowed.
Just get away from Ubuntu, install Debian, and choose XFCE when installing. Please.
> It's just not part of their world takeover plan anymore
That's because they don't have a world takeover plan anymore. That plan failed, so they came up with other ones (mobile! Subscriptions!) and those failed too - so now they're just trying to survive.
I honestly prefer for Ubuntu to be just another Linux player doing what most Linux players do (i.e. looking after n.1 and focusing on internal consistency), rather than their original borg-like form that tried to co-opt the entire ecosystem. As much as I enjoy a reliable Debian-like infrastructure everywhere, there is value in the fundamental diversity of distros focused on different ways to "do Linux".
On the other hand, there are far fewer developers working on XFCE compared to desktop environments like KDE or gnome. The more obscure places might be better places to hide malware, nobody would notice, unlike in Xubuntu.
And yet that "binary blob browser fork/OS uploaded by an anonymous guy from the internet" is still more respectful to my privacy, than the average large proprietary OS. Guess which one I will be using?
Indeed that is a suspicious or at least untrustworthy way to deflect the seriousness of a malware infection that potentially affects all users of an OS distribution.
Nobody has yet identified any malicious code in the repository.
How do you prove that the person hacking the website is not an associate of (or the same as) the person running the website?
If this were proprietary software then the software would be expected to die. Since this is open source, there is the option for the original project to die and for a fork to rise from the ashes.