No argument from me. That JiaTan dude had other projects forked he was
looking at. And none of them are good news. zstd. lz4. libarchive.
squashfs-tools. But still, I think its good news if people already
figured how to turn it off in a few days.
On 4/1/2024 1:36 AM, Michael Orlitzky wrote:
On Mon, 2024-04-01 at 01:32 +0300, Alexandru N. Barloiu wrote:
> https://piaille.fr/@zeno/112185928685603910
>
> There's an ENV var you can set that is a kill switch for the whole thing :)
>
For the part that we found :)
The author of the backdoor had commit access to the upstream repository
https://piaille.fr/@zeno/112185928685603910
There's an ENV var you can set that is a kill switch for the whole thing :)
On 4/1/2024 1:29 AM, Michael Orlitzky wrote:
On Sun, 2024-03-31 at 18:19 -0400, Michael Orlitzky wrote:
The old version will show up as liblzma.so.5.6.1. Restart anything
On Sun, 2024-03-31 at 18:19 -0400, Michael Orlitzky wrote:
>
> The old version will show up as liblzma.so.5.6.1. Restart anything that
> uses it.
Or liblzma.so.5.6.0
On Sun, 2024-03-31 at 12:04 -0400, Rich Freeman wrote:
>
> It is not necessary to rebuild anything, unless you're doing something
> so unusual that you'd already know the answer to the question.
>
You should probably reboot afterwards though.
For a more fine-grained approach, you can check for
On Sun, Mar 31, 2024 at 5:36 PM Wol wrote:
>
> On 31/03/2024 20:38, Håkon Alstadheim wrote:
> > For commercial entities, the government could just contact the company
> > and apply pressure, no need to sneak the backdoor in. Cf. RSA .
>
> Serving a "secret compliance" notice on a third party is
On 31/03/2024 20:38, Håkon Alstadheim wrote:
For commercial entities, the government could just contact the company
and apply pressure, no need to sneak the backdoor in. Cf. RSA .
Apply pressure to who? At the end of the day, the only people the
government can trust are their own agents.
I think in the past, the service file had a -v. Somewhere near the
present, they reverted to a non -v service file. So if you keep
upgrading distcc, prolly the service file still has a -v from past
installations. If you uninstall it, and install it again, then prolly
you got the new service
/etc/systemd/system/distccd.service.d/00gentoo.conf or the service file.
has to be. there cant be anything else. that's how distcc behaves when
started with -v. do a ps axw. figure out where the -v is coming from.
maybe a systemctl daemon-reload && systemctl restart distccd. cant be
anything
On 3/31/24 13:59, Alexandru N. Barloiu wrote:
think the distcc.service file has an extra -v (--verbose). if you remove
that, it will behave as expected.
I checked all the units on one of the machines still showing the problem
and an extra '-v' is not present in any of the files.
That's a
think the distcc.service file has an extra -v (--verbose). if you remove
that, it will behave as expected.
On 3/31/2024 11:57 PM, Daniel Frey wrote:
On 3/29/24 22:38, Daniel Frey wrote:
Hi all,
I've moved a couple of machines from openrc to systemd.
I have discovered this odd problem. On
On 3/29/24 22:38, Daniel Frey wrote:
Hi all,
I've moved a couple of machines from openrc to systemd.
I have discovered this odd problem. On openrc, distcc was quiet during
building packages. It would obey environment variable set in /etc/env.d:
DISTCC_DIR=/var/distcc
Den 31.03.2024 14:33, skrev Rich Freeman:
(moving this to gentoo-user as this is really getting off-topic for -dev)
It might also happen with commercial software, but the challenge there
is HR as you can't just pay 1 person to masquerade as 10 when they all
need to deal with payroll taxes.
On Sun, Mar 31, 2024 at 10:59 AM Michael wrote:
>
> On Sunday, 31 March 2024 13:33:20 BST Rich Freeman wrote:
> > (moving this to gentoo-user as this is really getting off-topic for -dev)
>
> Thanks for bringing this to our attention Rich.
>
> Is downgrading to app-arch/xz-utils-5.4.2 all that is
On 3/31/24 07:59, Michael wrote:
On Sunday, 31 March 2024 13:33:20 BST Rich Freeman wrote:
(moving this to gentoo-user as this is really getting off-topic for -dev)
Thanks for bringing this to our attention Rich.
Is downgrading to app-arch/xz-utils-5.4.2 all that is needed for now, or are
we
On Sunday, 31 March 2024 13:33:20 BST Rich Freeman wrote:
> (moving this to gentoo-user as this is really getting off-topic for -dev)
Thanks for bringing this to our attention Rich.
Is downgrading to app-arch/xz-utils-5.4.2 all that is needed for now, or are
we meant to rebuilding any other/all
(moving this to gentoo-user as this is really getting off-topic for -dev)
On Sun, Mar 31, 2024 at 7:32 AM stefan1
wrote:
>
> Had I seen someone say that a bad actor would spend years gaining the
> trust of FOSS
> project maintainers in order to gain commit access and introduce such
>
17 matches
Mail list logo
