There is now a GitHub issue in the xz repository inquiring...

scy's posts Post Back to profile

Top-level

scy

There is now a GitHub issue in the xz repository inquiring about whether this has been intentional or not.

https://github.com/tukaani-project/xz/issues/92

Like 29 March at 18:37 | Open on chaos.social

3 comments

scy

Ugh, there is xz code in the #Linux kernel.

An open patchset from a few days ago has been put on hold.

https://lore.kernel.org/lkml/202403291221.124220E0F4@keescook/

via https://mastodon.social/@brauner/112180923169321849

29 March at 20:51 | Open on chaos.social

scy

I'm not saying that it looks like someone has specifically targeted xz and played the long game by helping out a maintainer that was overworked and suffered from mental health issues

but it does look like someone has specifically targeted xz and played the long game by helping out a maintainer that was overworked and suffered from mental health issues

https://mastodon.social/@glyph/112180922900094371

29 March at 21:41 | Open on chaos.social

scy

Meanwhile, #Debian is considering rolling #xz back not only to the point before the backdoor was added, but to where the person who _wrote_ the backdoor hadn't contributed any code to xz yet.

Which means considering creating patches to fix ABI breakage such a rollback would cause.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024

For all the trash talk Debian gets for being "pedantic" and slow to change: They put in the _work_ to do things _right_. I respect that.

via https://hachyderm.io/@joeyh/112181512951127467

(Edit: English is hard.)

Meanwhile, #Debian is considering rolling #xz back not only to the point before the backdoor was added, but to where the person who _wrote_ the backdoor hadn't contributed any code to xz yet.

Which means considering creating patches to fix ABI breakage such a rollback would cause.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024

Expand text...

30 March at 1:18 | Open on chaos.social