I know sir.
My apologies.
What I actually meant to say was
"Please, Sirs, somebody check the port! I am not qualified enough to do
so myself."
Thomas
On 4/1/24 13:47, Theo de Raadt wrote:
Thomas Dettbarn <det...@dettus.net> wrote:
Hello.
Yeah... You know how the social engineering part of this xz
backhole was done?
Somebody pressured the Maintainer, that he needs to add new
features.
Afterwards, the maintainers of distributions were pressured to
update, because there were some "NEW FEATURES" available.
Your post sounded eerie similar. As do some of the gitlog entries.
Just my two cents...
(I am sure that I have not yet earned the privilege to post it on this list,
but I felt like I had to say something. Blame it on poor impulse control!)
I think that is an uneducated take on the situation. It sounds like:
"I can't really tell, but I'm very suspicious, I'm not going to put
any effort into justifying my suspiciouns, but in the meantime maybe
it is better if everyone stop all open source work of any sort
immediately. Just my pointless two cents."
On 4/1/24 12:55, Kirill A. Korinsky wrote:
Folks,
Despite of current security issue with xz/lzma the algortihm itself provides
great compression, and the existing XZ Utils provide great compression in
the .xz file format, but they produce just one big block of compressed data.
Here, a new port which is called archivers/pixz which produces a collection
of smaller blocks which makes random access to the original data possible.
This is especially useful for large tarballs.
This can be used as seprated application or via tar, that described on
homepage: https://github.com/vasi/pixz
--
wbr, Kirill
