MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
not
Recherche

What we need to take away from the XZ Backdoor (openSUSE News)

vendredi 12 avril 2024, 15:55 , par LWN.net
Dirk Mueller has posted a
lengthy analysis of the XZ backdoor on the openSUSE News site, with a
focus on openSUSE's response.

Debian, as well as the other affected distributions like openSUSE
are carrying a significant amount of downstream-only patches to
essential open-source projects, like in this case OpenSSH. With
hindsight, that should be another Heartbleed-level learning for the
work of the distributions. These patches built the essential steps
to embed the backdoor, and do not have the scrutiny that they
likely would have received by the respective upstream
maintainers. Whether you trust Linus Law or not, it was not even
given a chance to chime in here. Upstream did not fail on the
users, distributions failed on upstream and their users here.
https://lwn.net/Articles/969591/
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
ven. 22 nov. - 00:31 CET