Could the XZ backdoor have been detected with better Git and Debian packaging practices?
(optimizedbyotto.com)
from otto@programming.dev to security@lemmy.ml on 19 Oct 17:36
https://programming.dev/post/39335346
How did the changes in the binary test files tests/files/bad-3-corrupt_lzma2.xz and tests/files/good-large_compressed.lzma, and the makefile change in m4/build-to-host.m4, manifest to the Debian maintainer? Was there a chance of noticing something odd?
#security
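Two mechanical checks a packager could run before importing a new upstream release, as an added example that is not part of the post, the linked article or the xz project: list the binary files that changed between the previous and the new git tag, and compare the release tarball against the tag so that paths shipped only in the tarball (such as a generated m4/ macro) and tracked files whose bytes differ stand out. The repository, tags, tarball and file contents below are a constructed fixture that borrows the file names from the post but does not reproduce the real xz commits; it assumes git, tar, awk, comm and cmp are on PATH.

```shell
#!/usr/bin/env bash
# Added example; not code from the post, the linked article or the xz project.
# Checks a packager can run on an upstream release before importing it:
#   1. binary files that changed between the previous and the new git tag
#      (git diff --numstat prints "-" "-" instead of line counts for these),
#   2. paths the release tarball ships that the tag does not track,
#   3. tracked files whose bytes in the tarball differ from the tag.
# The repo, tags, tarball and file contents are a constructed fixture; they
# mimic the file names from the post but not the real xz commits.
set -eu
export LC_ALL=C   # stable sort order for comm

# Binary paths that differ between two refs: numstat prints "-\t-\tpath".
binary_changes_between_refs() { # repo old_ref new_ref
  git -C "$1" diff --numstat "$2" "$3" | awk -F'\t' '$1=="-" && $2=="-" {print $3}'
}

# Paths tracked in git at ref, sorted.
git_paths() { git -C "$1" ls-tree -r --name-only "$2" | sort -u; }

# Paths inside the tarball with the top-level directory stripped, sorted.
tarball_paths() {
  tar -tzf "$1" | sed 's#^[^/]*/##' | grep -v '/$' | grep -v '^$' | sort -u
}

# Paths present in the tarball but absent from the git tree at ref.
tarball_only_paths() { # repo ref tarball
  local a b
  a=$(mktemp); b=$(mktemp)
  git_paths "$1" "$2" >"$a"
  tarball_paths "$3" >"$b"
  comm -13 "$a" "$b"
  rm -f "$a" "$b"
}

# Tracked paths whose bytes in the tarball differ from the git tree at ref.
changed_tracked_paths() { # repo ref tarball
  local extract p
  extract=$(mktemp -d)
  tar -xzf "$3" -C "$extract" --strip-components=1
  git_paths "$1" "$2" | while read -r p; do
    [ -f "$extract/$p" ] || continue
    git -C "$1" show "$2:$p" | cmp -s - "$extract/$p" || echo "$p"
  done
  rm -rf "$extract"
}

# --- constructed fixture (hypothetical repo and release, not xz's) ---------
commit_all() { # repo message tag
  git -C "$1" add -A
  git -C "$1" -c user.name=demo -c user.email=demo@example.invalid commit -qm "$2"
  git -C "$1" tag "$3"
}

make_fixture() { # workdir
  local repo="$1/repo" rel="$1/release"
  mkdir -p "$repo/tests/files"
  git -C "$repo" init -q
  printf 'AC_INIT([demo],[1.0])\n' >"$repo/configure.ac"
  # NUL byte makes git treat the test file as binary (placeholder content).
  printf 'XZ\375\000placeholder-v1' >"$repo/tests/files/good-large_compressed.lzma"
  commit_all "$repo" 'v1.0' v1.0
  # v1.1 touches only the binary test corpus, as in the post's description.
  printf 'XZ\375\000placeholder-v2' >"$repo/tests/files/good-large_compressed.lzma"
  printf 'XZ\375\000corrupt' >"$repo/tests/files/bad-3-corrupt_lzma2.xz"
  commit_all "$repo" 'v1.1' v1.1
  # Release tarball: the v1.1 tree, an m4 macro git never tracked, and one
  # tracked file altered after export.
  git -C "$repo" archive --format=tar --prefix=release/ v1.1 | tar -xf - -C "$1"
  mkdir -p "$rel/m4"
  printf 'dnl generated at release time\n' >"$rel/m4/build-to-host.m4"
  printf 'dnl added only in the tarball\n' >>"$rel/configure.ac"
  tar -czf "$1/demo-1.1.tar.gz" -C "$1" release
}

# Stand-alone demo run.
work=$(mktemp -d)
make_fixture "$work"
echo "binaries changed v1.0..v1.1:";        binary_changes_between_refs "$work/repo" v1.0 v1.1
echo "tarball-only paths:";                 tarball_only_paths "$work/repo" v1.1 "$work/demo-1.1.tar.gz"
echo "tracked paths altered in tarball:";   changed_tracked_paths "$work/repo" v1.1 "$work/demo-1.1.tar.gz"
rm -rf "$work"
```

The first check answers the question of how a binary test-file change looks in git: `git diff --numstat` and `git diff --stat` show no line counts for it, so a reviewer sees only that bytes changed, which is exactly why such files deserve a separate justification. The other two checks compare what upstream published against what upstream committed; anything the tarball carries beyond the tagged tree is input the packager is building that nobody reviewed in git.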
Well, eventually it WAS noticed before making it to Stable, partly by chance, but partly because of the existing process.