What is the problem that needs a RPM from an untrusted web site?
3 Likes
Is there a way that users can trace the build chain from patched source code to .so binary?
On your say so? No confidence at all.
Show me the patch and the fedora bugzilla tracking the bug please.
1 Like
I think something so files is broken.at the final KDE Plasma crashed
I don’t like go to report this problem in the Fedora bugzilla,because the operation is complicated.
Why does the RPM package have Fedora listed as the packager in the Packager field? this is obviously not true and wouldn’t happen unless someone specified it?
In fact,it’s me packaged
Only I didn’t modify packager
I think you are not getting the point of the conversation here. Asking people to download a random so file can lead to serious security problems (what if you modified it to inject malware?). You need to tell people where you got it, and it needs to be a place known to be secure (e.g. from an older Fedora rpm package or built on COPR).
For other users with the same issue, I “solved” the problem temporarily by uninstalling fcitx5 so that KDE would at least be usable.
1 Like
I from an older Fedora rpm package extracted.And I packaged.
But I reported this problem.Link is 2375518 – KDE Plasma Wayland has a segfault when starting fcitx5
Good news!Now only enable updates-testing and update about fcitx5 packages,the problem is solved.
Just a suggestion in case someone wants to provide an unofficial rebuild as a workaround: you can try building the package on COPR. Usually, it’s sufficient to create the build using the exact DistGit path from https://src.fedoraproject.org/.
Since no one should—or can—trust a random binary from the internet, using COPR ensures that both the input and the build process are transparent and verifiable.