Re: lcamtuf on the recent xz debacle

2024-04-04 Thread Alexis
Katherine Mcmillan writes: I have seen the following comment, or similar, in several articles now: "On Friday, a lone Microsoft developer rocked the world when he revealed a

Re: lcamtuf on the recent xz debacle

2024-04-04 Thread Christian Weisgerber
Katherine Mcmillan: > Just for clarity, does anyone know what "Unix-like operating systems" > would be affected by this? None. TLDR: The build process of the backdoor explicitly aborts on platforms other than Linux x86-64. As the maintainer of the archivers/xz port, I took a look at the build

Re: lcamtuf on the recent xz debacle

2024-04-04 Thread Eric Pruitt
On Thu, Apr 04, 2024 at 09:17:18PM +, Katherine Mcmillan wrote: > I have seen the following comment, or similar, in several articles now: > "On Friday, a lone Microsoft developer rocked the world when he revealed a >

Re: lcamtuf on the recent xz debacle

2024-04-04 Thread Eric S Pulley
llumos for that matter (ex. smartOS), or QNX, or Solaris. Just for > clarity, does anyone know what "Unix-like operating systems" would be > affected by this? > > Thank you, > Katie > > ____ > From: owner-m...@openbsd.org on beh

Re: lcamtuf on the recent xz debacle

2024-04-04 Thread Markus Wernig
On 4/4/24 23:17, Katherine Mcmillan wrote: an open source data compression utility available on almost all installations of Linux and other Unix-like operating systems." There are a couple of problems with this statement, but I just want to focus in on the "almost all installations of Linux

Re: lcamtuf on the recent xz debacle

2024-04-04 Thread Katherine Mcmillan
would be affected by this? Thank you, Katie From: owner-m...@openbsd.org on behalf of Aaron Mason Sent: 03 April 2024 19:17 To: misc@openbsd.org Subject: Re: lcamtuf on the recent xz debacle Attention : courriel externe | external email On Sat, Mar 30, 2024 at 9:32 PM Peter N. M.

Re: lcamtuf on the recent xz debacle

2024-04-03 Thread Aaron Mason
On Sat, Mar 30, 2024 at 9:32 PM Peter N. M. Hansteen wrote: > > "This dependency existed not because of a deliberate design decision > by the developers of OpenSSH, but because of a kludge added by some > Linux distributions to integrate the tool with the operating > system’s newfangled

Re: lcamtuf on the recent xz debacle

2024-03-30 Thread Jozef Nagy
I will briefly add a few links where the issue is further debated for those who are interested: https://boehs.org/node/everything-i-know-about-the-xz-backdoor https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27 > 30. 3. 2024 at 11:33, Peter N. M. Hansteen : > > While this issue

lcamtuf on the recent xz debacle

2024-03-30 Thread Peter N. M. Hansteen
While this issue does not in fact affect OpenBSD, I think it will still be of interest to OpenBSD users -- a lot of us deal with Linux in our day jobs, after all. This is one of the best explanations of the matter I have seen so far: