On 2024-04-28, Morten Linderud wrote: > On Fri, Apr 26, 2024 at 02:06:16PM -0600, Hank Leininger wrote: > > - ~11k EndeavourOS/Arch packages
> Please just write Arch packages. There is no upstream collaboration > from Endeavour on those 11k packages. That's fair enough; I rather was attempting to indicate which distro from a family we used, "~11k Arch packages (on EndeavourOS)", similar to testing on Rocky as a representative of the RPM ecosystem, etc. We did not analyze any AUR packages (yet? seems like we could, and if we could we should). These same corpuses will be used for continued m4 analysis; so far we've only done the m4 spelunking on Gentoo. That reminds me, we did not specify what release-trains we tested for each; our goal was to pick one that had (or had had, and been rolled back) a backdoored xz-utils version (5.6.0 / 5.6.1) if we could: - Debian sid - EndeavourOS 2024.01.25 - Gentoo as-of 2024-04-18 - Rocky 9.3 Thanks, -- Hank Leininger <hl...@korelogic.com> 8428 ED14 5268 C727 0C48 F454 846F 0637 5FEB 1612
signature.asc
Description: Digital signature
