Sourceware hosts are not affected by the latest xz backdoor. But we have reset the https://builder.sourceware.org containers of debian-testing, fedora-rawhide and opensuse-tumbleweed. These containers however didn't have ssh installed, were running on isolated VMs on separate machines from our main hosts, snapshots and backup servers.
If you are running one of these distros on your development machines then please consult your distro security announcements: https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users https://lists.debian.org/debian-security-announce/2024/msg00057.html https://archlinux.org/news/the-xz-package-has-been-backdoored/ https://news.opensuse.org/2024/03/29/xz-backdoor/
