Linux Firmware Update Utility Fwupd Will Use Zstd Compression for Future Releases

The devs are also considering enforcing signed commits in an attempt to prevent supply chain issues like the XZ backdoor.

Edit: note for downvotes: I understand some of you disagree with the need for a switch. However, are you downvoting the news itself (i.e. shooting the messenger?)

    • GravelPieceOfSword@lemmy.caOP
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      edit-2
      7 months ago

      As with all definitions, there is a gray area where people will have different boundaries on exact meanings. To you - a supplier relationship needs an explicit payment, which is a fair definition.

      However, the more widely used definition that most people, including me, refer to, is not necessarily focused on the supplier, but on the supply - what we use in our toolchains is a supply - regardless of how it was obtained.

      When there is an issue in a trusted supply, even if it was not a commercial relationship (a prerequisite by your definition), it is a supply-chain attack by the more widely used definition.

    • Possibly linux
      link
      fedilink
      English
      arrow-up
      2
      ·
      7 months ago

      Brodie is that you?

      Anyhow I would argue that it is indeed a supply chain but you still need to be respectful of the volunteers. The article seems to mostly talking about proprietary software anyway.

      • ⸻ Ban DHMO 🇦🇺 ⸻@aussie.zone
        link
        fedilink
        English
        arrow-up
        1
        ·
        7 months ago

        Brodie is that you?

        His video is where I got that from. Well as the article points out it’s not like a traditional supply chain where there is an agreement or guarantees.