Re: Switching away from XZ

To: "Jonathan A. Kollasch" <jakllsch%kollasch.net@localhost>
Subject: Re: Switching away from XZ
From: Jonathan Schleifer <js%NetBSD.org@localhost>
Date: Fri, 5 Apr 2024 11:11:44 +0200

Am 04.04.24 um 04:24 schrieb Jonathan A. Kollasch:

There's been no indication that everyone at xz upstream is malicious,
just the few personas of the attacker.  I think we could all succumb to
social engineering attacks such as what let this happen.  It's very premature
to jump ship from xz at this point.

The attacker managed to get in 750 commits. Lasse (xz upstream) says itwill take a long time to go through all of them and see what else couldhave been sabotaged. More signs of sabotage have already been found.

So, no, trying to avoid the attack surface by trying to use as little xzas possible for now is not premature at all.


--
Jonathan

References:
- Switching away from XZ
  - From: Jonathan Schleifer
- Re: Switching away from XZ
  - From: Jonathan A. Kollasch

Prev by Date: Re: Switching away from XZ
Next by Date: Re: Switching away from XZ
Previous by Thread: Re: Switching away from XZ
Next by Thread: Re: Switching away from XZ
Indexes:

Home | Main Index | Thread Index | Old Index