MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
not
Search

What we need to take away from the XZ Backdoor (openSUSE News)

Friday April 12, 2024. 03:55 PM , from LWN.net
Dirk Mueller has posted a
lengthy analysis of the XZ backdoor on the openSUSE News site, with a
focus on openSUSE's response.

Debian, as well as the other affected distributions like openSUSE
are carrying a significant amount of downstream-only patches to
essential open-source projects, like in this case OpenSSH. With
hindsight, that should be another Heartbleed-level learning for the
work of the distributions. These patches built the essential steps
to embed the backdoor, and do not have the scrutiny that they
likely would have received by the respective upstream
maintainers. Whether you trust Linus Law or not, it was not even
given a chance to chime in here. Upstream did not fail on the
users, distributions failed on upstream and their users here.
Read more at LWN.net
https://lwn.net/Articles/969591/

Related News

not Google Threatens To Cut Off News After California Proposes Paying Media Outlets SlashdotApr 13
opensuse Fox News, far-right podcasters ruined an innocent man's life by identifying him as a neo-Nazi shooter, alleges lawsuit BoingBoingApr 12
backdoor GNU Hurd ported to AArch64, and more Hurd news OS NewsApr 11
distributions Comedy band helps make news about Marjorie Taylor Greene slightly less nauseating BoingBoingApr 11
upstream What can be done to protect open source devs from next xz backdoor drama? TheRegisterApr 6
essential Former Fox News head: "Donald Junior is a pathetic, low IQ oaf, who spews ridiculous lies to please daddy" BoingBoingApr 5
like Republican news camera calls Donald Trump's bluff when he brags about crowd size (video) BoingBoingApr 3
what The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind Wired: Tech.Apr 3
patches Yahoo Is Buying Artifact, the AI News App From the Instagram Co-Founders SlashdotApr 3
here New XZ Backdoor Scanner Detects Implants In Any Linux Binary SlashdotApr 2
away [$] How the XZ backdoor works LWN.netApr 2
users The XZ Backdoor: Everything You Need to Know Wired: Tech.Apr 2
news Malicious xz backdoor reveals fragility of open source TheRegisterApr 1
take Malicious SSH backdoor sneaks into xz, Linux world's data compression library TheRegisterMar 29
need Backdoor in upstream xz/liblzma leading to SSH server compromise OS NewsMar 29
not Negativity Drives Online News Consumption SlashdotMar 29
opensuse A backdoor in xz LWN.netMar 29
backdoor Rachel Maddow pleads with NBC News to reconsider hiring their new traitor to democracy BoingBoingMar 26
distributions Good news: HMRC offers a Linux version of Basic PAYE Tools. Bad news: It broke TheRegisterMar 26
upstream Some personal news OS NewsMar 23
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Apr, Tue 30 - 03:02 CEST