The #xz fiasco could have been prevented if #openssh just included/implemented systemd-notify as a simple protocol, which apparently would have been easy…
Instead, distros all implemented the patch to include a dependency which eventually included xz…
The #xz fiasco could have been prevented if #openssh just included/implemented systemd-notify as a simple protocol, which apparently would have been easy…
Instead, distros all implemented the patch to include a dependency which eventually included xz…
Gregory's Server
Kinda important side-fact on the #xz story:
The #xz fiasco could have been prevented if #openssh just included/implemented systemd-notify as a simple protocol, which apparently would have been easy…
Instead, distros all implemented the patch to include a dependency which eventually included xz…
See https://github.com/openssh/openssh-portable/pull/375#issuecomment-2027772338
That said, *of course*, the attacker could have found other packages/ways/deps to include the malicious package/code, but still sad to read…
@cadey @AndresFreundTec
Kinda important side-fact on the #xz story:
The #xz fiasco could have been prevented if #openssh just included/implemented systemd-notify as a simple protocol, which apparently would have been easy…
Instead, distros all implemented the patch to include a dependency which eventually included xz…
See https://github.com/openssh/openssh-portable/pull/375#issuecomment-2027772338