(moving this to gentoo-user as this is really getting off-topic for -dev)
On Sun, Mar 31, 2024 at 7:32 AM stefan1
wrote:
>
> Had I seen someone say that a bad actor would spend years gaining the
> trust of FOSS
> project maintainers in order to gain commit access and introduce such
> sophisti
On Sunday, 31 March 2024 13:33:20 BST Rich Freeman wrote:
> (moving this to gentoo-user as this is really getting off-topic for -dev)
Thanks for bringing this to our attention Rich.
Is downgrading to app-arch/xz-utils-5.4.2 all that is needed for now, or are
we meant to rebuilding any other/all
On 3/31/24 07:59, Michael wrote:
On Sunday, 31 March 2024 13:33:20 BST Rich Freeman wrote:
(moving this to gentoo-user as this is really getting off-topic for -dev)
Thanks for bringing this to our attention Rich.
Is downgrading to app-arch/xz-utils-5.4.2 all that is needed for now, or are
we
On Sun, Mar 31, 2024 at 10:59 AM Michael wrote:
>
> On Sunday, 31 March 2024 13:33:20 BST Rich Freeman wrote:
> > (moving this to gentoo-user as this is really getting off-topic for -dev)
>
> Thanks for bringing this to our attention Rich.
>
> Is downgrading to app-arch/xz-utils-5.4.2 all that is
Den 31.03.2024 14:33, skrev Rich Freeman:
(moving this to gentoo-user as this is really getting off-topic for -dev)
It might also happen with commercial software, but the challenge there
is HR as you can't just pay 1 person to masquerade as 10 when they all
need to deal with payroll taxes.
On 3/29/24 22:38, Daniel Frey wrote:
Hi all,
I've moved a couple of machines from openrc to systemd.
I have discovered this odd problem. On openrc, distcc was quiet during
building packages. It would obey environment variable set in /etc/env.d:
DISTCC_DIR=/var/distcc
DISTCC_ENABLE_DISCREPANC
think the distcc.service file has an extra -v (--verbose). if you remove
that, it will behave as expected.
On 3/31/2024 11:57 PM, Daniel Frey wrote:
On 3/29/24 22:38, Daniel Frey wrote:
Hi all,
I've moved a couple of machines from openrc to systemd.
I have discovered this odd problem. On ope
On 3/31/24 13:59, Alexandru N. Barloiu wrote:
think the distcc.service file has an extra -v (--verbose). if you remove
that, it will behave as expected.
I checked all the units on one of the machines still showing the problem
and an extra '-v' is not present in any of the files.
That's a g
/etc/systemd/system/distccd.service.d/00gentoo.conf or the service file.
has to be. there cant be anything else. that's how distcc behaves when
started with -v. do a ps axw. figure out where the -v is coming from.
maybe a systemctl daemon-reload && systemctl restart distccd. cant be
anything el
I think in the past, the service file had a -v. Somewhere near the
present, they reverted to a non -v service file. So if you keep
upgrading distcc, prolly the service file still has a -v from past
installations. If you uninstall it, and install it again, then prolly
you got the new service fil
On 31/03/2024 20:38, Håkon Alstadheim wrote:
For commercial entities, the government could just contact the company
and apply pressure, no need to sneak the backdoor in. Cf. RSA .
Apply pressure to who? At the end of the day, the only people the
government can trust are their own agents.
Ser
On Sun, Mar 31, 2024 at 5:36 PM Wol wrote:
>
> On 31/03/2024 20:38, Håkon Alstadheim wrote:
> > For commercial entities, the government could just contact the company
> > and apply pressure, no need to sneak the backdoor in. Cf. RSA .
>
> Serving a "secret compliance" notice on a third party is al
On Sun, 2024-03-31 at 12:04 -0400, Rich Freeman wrote:
>
> It is not necessary to rebuild anything, unless you're doing something
> so unusual that you'd already know the answer to the question.
>
You should probably reboot afterwards though.
For a more fine-grained approach, you can check for
On Sun, 2024-03-31 at 18:19 -0400, Michael Orlitzky wrote:
>
> The old version will show up as liblzma.so.5.6.1. Restart anything that
> uses it.
Or liblzma.so.5.6.0
https://piaille.fr/@zeno/112185928685603910
There's an ENV var you can set that is a kill switch for the whole thing :)
On 4/1/2024 1:29 AM, Michael Orlitzky wrote:
On Sun, 2024-03-31 at 18:19 -0400, Michael Orlitzky wrote:
The old version will show up as liblzma.so.5.6.1. Restart anything th
On Mon, 2024-04-01 at 01:32 +0300, Alexandru N. Barloiu wrote:
> https://piaille.fr/@zeno/112185928685603910
>
> There's an ENV var you can set that is a kill switch for the whole thing :)
>
For the part that we found :)
The author of the backdoor had commit access to the upstream repository
fo
No argument from me. That JiaTan dude had other projects forked he was
looking at. And none of them are good news. zstd. lz4. libarchive.
squashfs-tools. But still, I think its good news if people already
figured how to turn it off in a few days.
On 4/1/2024 1:36 AM, Michael Orlitzky wrote:
17 matches
Mail list logo