@sjuvonen @GossiTheDog @wdormann
Are you trying to say that I missed something? Then say it, rather that throwing accusations.
As I understand it, Debian took a heavily audited piece of code (OpenSSH), added a patch to use a library from an untrusted source, who then (allegedly deliberately) added a back door.
What am I missing?
@leeloo You’re the one throwing accusations. Explain how Fedora and openSUSE among others using the same libs and being similarly affected is Debian’s fault? Everybody’s doing it because xz is a dependency of systemd.
Clout chasing by pissing on foundational open source projects would probably fly better on LinkedIn.