If that’s working, it could at least be on an user personnal page on the
wiki as well.
Le 04/04/2024 à 10:32, Sam James a écrit :
Eli Schwartz writes:
On 4/3/24 11:30 AM, Eddie Chapman wrote:
Just to report I've been able to remove app-arch/xz-utils from my own
workstation, with 2412
Sorry but I wanted to add something to what is written below:
I'll insist as other did before: An other alternative would be to start
your own overlay, push something to help Gentoo's dev, anything, because
saying more or less "Do that because actually it's bad" is something
rarely
Helping with any of these three would certainly be reasonable. But
demanding a *LOT* of work to alternative-force an already attack-reverted
package, when we actually KNOW about that one, it's reverted to pre-attack
and there's likely to be no more mischief there /because/ everybody's
looking
Thanks for clarifying that, it wasn't clear to me when I read the
earlier e-mail.
Personally I think the long term solution is to identify critical code
bases that have a low bus factor before the bad actors do and make a
concentrated community effort to help audit and maintain these code
bases.
