testeronious@lemmy.world to Linux · 8 months agoXZ Utils is back on GitHub and Lasse Collin has been unbannedgithub.comexternal-linkmessage-square58fedilinkarrow-up1495arrow-down15cross-posted to: linux@lemmy.world
arrow-up1490arrow-down1external-linkXZ Utils is back on GitHub and Lasse Collin has been unbannedgithub.comtesteronious@lemmy.world to Linux · 8 months agomessage-square58fedilinkcross-posted to: linux@lemmy.world
minus-squarexlash123@sh.itjust.workslinkfedilinkarrow-up276·8 months agoCommit 77a294d Update maintainer and author info. The other maintainer suddenly disappeared. Lmao, that’s putting it lightly.
minus-square7eter@feddit.delinkfedilinkarrow-up171·8 months agothe other maintainer now has a special place: Special author: Jia Tan was a co-maintainer in 2022-2024. He and the team behind him inserted a backdoor (CVE-2024-3094) into XZ Utils 5.6.0 and 5.6.1 releases. He suddenly disappeared when this was discovered.
minus-squarerollingflower@lemmy.kde.sociallinkfedilinkDeutscharrow-up49·edit-28 months agoRIP Jia Tan
minus-squareintrepid@lemmy.calinkfedilinkarrow-up4arrow-down29·8 months agoI don’t think they would be in much peace. It was years of their work that was ruined by a person with OCD and valgrind.
minus-squarerollingflower@lemmy.kde.sociallinkfedilinkDeutscharrow-up75arrow-down2·8 months agoCan we stop calling a good software dev autistic or stuff?
minus-squareautokludge@programming.devlinkfedilinkEnglisharrow-up75·edit-28 months ago - Backdoors are bad for security.
minus-squaremutter9355@discuss.tchncs.delinkfedilinkarrow-up3·8 months agoI like how the first point made is that the backdoor violates the Debian Free Software Guidelines, as if that’s the main problem
Commit 77a294d
Lmao, that’s putting it lightly.
the other maintainer now has a special place:
RIP Jia Tan
I don’t think they would be in much peace. It was years of their work that was ruined by a person with OCD and valgrind.
Can we stop calling a good software dev autistic or stuff?
Hmm yes.
The floor is made out of floor
I like how the first point made is that the backdoor violates the Debian Free Software Guidelines, as if that’s the main problem