Saturday, March 30, 2024

Re: lcamtuf on the recent xz debacle

I will briefly add a few links where the issue is further debated for those who are interested:

30. 3. 2024 at 11:33, Peter N. M. Hansteen <peter@bsdly.net>:

While this issue does not in fact affect OpenBSD, I think it will still be
of interest to OpenBSD users -- a lot of us deal with Linux in our day jobs,
after all.

This is one of the best explanations of the matter I have seen so far:
https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor

and it leads in with a quote to remember -

"This dependency existed not because of a deliberate design decision
by the developers of OpenSSH, but because of a kludge added by some
Linux distributions to integrate the tool with the operating
system's newfangled orchestration service, systemd."

Enjoy!


--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
