• noddy@beehaw.org · 31 upvotes · 9 months ago

    The scary thing about this is thinking about potential undetected backdoors similar to this existing in the wild. Hopefully the lessons learned from the xz backdoor will help us to prevent similar backdoors in the future.

      • jackpot · 2 upvotes · 9 months ago

        exactly, stop depending on esoteric libraries

        • Possibly linux@lemmy.zip (OP) · 1 upvote · 9 months ago

          It is fine to use them, just know how they work and check the commit log.

          That of course requires you to pull from git instead of a tarball.
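The point above, that a release tarball can contain material that never went through the repository, is what a practitioner would actually check. The following is an added example, not code from the thread or from the xz project: it hashes every regular file in a tarball and in a source checkout (for a real release that checkout would come from `git clone` or `git archive` at the release tag) and reports files that exist only in the tarball, files that exist only in the checkout, and files whose contents differ. The fixture it builds (a fake checkout, a tarball that adds `m4/generated.m4` and appends a line to `m4/foo.m4`) is constructed for the demo; the names are assumptions and do not refer to any real project.

```python
"""Diff a release tarball against a source checkout (added example, constructed fixture)."""
import hashlib
import io
import tarfile
import tempfile
from pathlib import Path


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_tree(root: Path) -> dict:
    """Map relative POSIX path -> sha256 for every regular file under root."""
    out = {}
    for p in root.rglob("*"):
        if p.is_file():
            out[p.relative_to(root).as_posix()] = _sha256(p.read_bytes())
    return out


def hash_tarball(path: Path) -> dict:
    """Map member path (top-level 'name-version/' directory stripped) -> sha256.

    Only regular files are hashed; directories, symlinks and devices are skipped.
    """
    out = {}
    with tarfile.open(path, "r:*") as tf:
        for m in tf.getmembers():
            if not m.isfile():
                continue
            parts = Path(m.name).parts
            rel = "/".join(parts[1:]) if len(parts) > 1 else m.name
            out[rel] = _sha256(tf.extractfile(m).read())
    return out


def compare(tar_hashes: dict, tree_hashes: dict) -> dict:
    """Classify paths as tarball-only, checkout-only, or present in both but changed."""
    both = set(tar_hashes) & set(tree_hashes)
    return {
        "tarball_only": sorted(set(tar_hashes) - set(tree_hashes)),
        "checkout_only": sorted(set(tree_hashes) - set(tar_hashes)),
        "changed": sorted(p for p in both if tar_hashes[p] != tree_hashes[p]),
    }


def demo() -> dict:
    """Constructed fixture: a fake checkout plus a tarball that adds one file and alters another."""
    with tempfile.TemporaryDirectory() as d:
        src = Path(d) / "checkout"
        (src / "m4").mkdir(parents=True)
        (src / "configure.ac").write_text("AC_INIT([demo], [1.0])\n")
        (src / "m4" / "foo.m4").write_text("dnl harmless macro\n")

        tar_path = Path(d) / "demo-1.0.tar.gz"
        with tarfile.open(tar_path, "w:gz") as tf:
            def add(name: str, data: bytes) -> None:
                info = tarfile.TarInfo(name)
                info.size = len(data)
                tf.addfile(info, io.BytesIO(data))

            add("demo-1.0/configure.ac", b"AC_INIT([demo], [1.0])\n")
            # same path as in the checkout, but with an extra line only the tarball has
            add("demo-1.0/m4/foo.m4", b"dnl harmless macro\ndnl extra line only in the tarball\n")
            # a file that was never committed to the repository at all
            add("demo-1.0/m4/generated.m4", b"dnl file that exists only in the tarball\n")

        return compare(hash_tarball(tar_path), hash_tree(src))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

For an autotools project the `tarball_only` list will not be empty even for an honest release, since `configure`, `Makefile.in` and similar generated files are normally shipped only in the tarball; the check is to read each such file (or regenerate it with `autoreconf` and diff again), not to demand an empty list. Anything in `changed` under a path that is committed to the repository deserves a direct explanation from the maintainer.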

          • billgamesh · 1 upvote · 9 months ago

            This was well hidden. Not sure anyone would have spotted this by checking the commit log.

              • billgamesh · 1 upvote · edited · 9 months ago

                I’m not an expert, but my reading was that it was hidden in a binary used for testing. EDIT: oh yeah, I see what you mean.