On Fri, Mar 29, 2024 at 2:08 PM Richard W.M. Jones <rjo...@redhat.com> wrote: > > > On Fri, Mar 29, 2024 at 07:00:37PM +0100, Kevin Kofler via devel wrote: > > Hi, > > > > wow: https://www.openwall.com/lists/oss-security/2024/ > > > > I think at this point we clearly cannot trust xz upstream anymore and should > > probably fork the project. > > I kind of agree here, though it saddens me to say it. Any commit or > release by "Jia Tan" or "Hans Jansen" [1] is suspect until proven > otherwise, and those go back 2 or more years. >
I've been rolling in my head for a while now the idea of picking at things where we use gzip or xz to move to zstd where possible, given the benefits of the algorithm. This compromise has kind of raised the profile for me to seriously consider looking into it. -- 真実はいつも一つ!/ Always, there's only one truth! -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
