neurostimulant on March 29, 2024 | on: Backdoor in upstream xz/liblzma leading to SSH ser...
Rolling back two years' worth of commits made by a major contributor is going to be hell. I'm looking forward to seeing how they'll do this.
joeyh on March 29, 2024
Not really. xz worked fine 2 years ago. Roll back to 5.3.1 and apply a fix for the 1 security hole that was fixed since that old version. (ZDI-CAN-16587)
Slight oversimplification, see https://bugs.debian.org/1068024 discussion.
kelseydh on April 3, 2024
This seems true with so many of these core libraries. Change for the sake of change introduces attack vectors. If it ain't broke, don't fix it!
account42 on April 3, 2024
Yeah but people will cry "dead project" if there hasn't been a release for a week.