• noddy@beehaw.org
    link
    fedilink
    arrow-up
    31
    ·
    8 months ago

    The scary thing about this is thinking about potential undetected backdoors similar to this existing in the wild. Hopefully the lessons learned from the xz backdoor will help us to prevent similar backdoors in the future.

    • Possibly linuxOP
      link
      fedilink
      English
      arrow-up
      19
      arrow-down
      1
      ·
      8 months ago

      I think we need focus on zero trust when it comes to upstream software

        • Possibly linuxOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          8 months ago

          It is fine to use them just know how they work and check the commit log.

          That of course requires you to pull from got instead of a tarball

              • billgamesh@lemmy.ml
                link
                fedilink
                arrow-up
                1
                ·
                edit-2
                8 months ago

                i’m not an expert, but my reading was that it was hidden in a binary used for testing EDIT: oh yeah, i see what you mean