Hi there, On Fri, Mar 29, 2024 at 09:37:46PM +0000, Scott Kitterman wrote: > > > On March 29, 2024 6:55:51 PM UTC, "Pierre-Elliott Bécue" <[email protected]> > wrote: > > > >Matt Taggart <[email protected]> wrote on 29/03/2024 at 17:14:24+0100: > > > >> On 3/29/24 04:11, Fabio Pedretti wrote: > >>> Hi, I'd like to request the backports of xz-utils from bookworm to > >>> bullseye. > >> > >> As long as it's the security fixed 5.6.1+really5.4.5-1 or newer. > > > >As long as we don't have a proper understanding of everything that > >revolves around this backdoor thing, this is not a good idea to backport xz. > > The email address that purported to make the original request has a Salsa > account with a private profile, which is IME not typical for Debian: > > https://salsa.debian.org/fabio-guest > > Is this person known to anyone in the project? > > Scott K
Someone opened an upstream issue about the recent problem [1] and there is a comment [2] there from a girhub user FabioPedretti which I assume is the same person. The profile on github is also a private one [3]. Cheers, Charles [1] https://github.com/tukaani-project/xz/issues/92 [2] https://github.com/tukaani-project/xz/issues/92#issuecomment-2027584756 [3] https://github.com/FabioPedretti
signature.asc
Description: PGP signature
