Re: xz backdoor

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: xz backdoor

From:	Attila Lendvai
Subject:	Re: xz backdoor
Date:	Mon, 01 Apr 2024 20:52:36 +0000

> The quick summary is that Guix currently shouldn't be affected
> because a) Guix currently packages xz 5.2.8, which predates the
> backdoor, and b) the backdoor includes checks based on absolute
> paths e.g. under /usr and Guix executable paths generally don't
> match the patterns checked for.


and guix doesn't use systemd that patches sshd -- a critical piece of security 
-- in a way that made the backdoor possible...

-- 
• attila lendvai
• PGP: 963F 5D5F 45C7 DFCD 0A39
--
“War is a moral contest that is won in the temples before it is ever fought.”
        — Sun Tzu (c. 6th century BC), author of 'The Art of War' (as 
paraphrased by Jack Kennedy)

[Prev in Thread]

Current Thread

[Next in Thread]

xz backdoor, Reza Housseini, 2024/04/01
- Re: xz backdoor, Kaelyn, 2024/04/01
  - Re: xz backdoor, Attila Lendvai <=
- Re: xz backdoor, jbranso, 2024/04/01
- Re: xz backdoor, Leo Famulari, 2024/04/01
  - Re: xz backdoor, Attila Lendvai, 2024/04/02
    - Re: xz backdoor, adanskana, 2024/04/02
    - Re: xz backdoor, Ryan Prior, 2024/04/02

Prev by Date: Re: xz backdoor
Next by Date: Re: Emacs and Gnome branches are merged now
Previous by thread: Re: xz backdoor
Next by thread: Re: xz backdoor
Index(es):
- Date
- Thread