Achim Gratz strom...@nexgo.de wrote: > Beyond that, the version 5.4.6 that everybody is currently reverting to > (and is also still available for Cygwin if you want to go back) was > already released when the presumed bad actor was co-maintainer and their > involvement goes back even farther based on the Xz developer mailing > list. The repository has been deactivated by GitHub so I can't check > there, but there is already some discussion about rolling back to 5.3.1 > or thereabouts.
The GitHub repo at <https://github.com/tukaani-project/xz> has been deactivated, but there's another xz repo (likely the original one) at <https://github.com/tukaani-project/xz>. The most recent commit in that repo is "CMake: Fix sabotaged Landlock sandbox check.". I have no inside knowledge about any of this. I'm running the Cygwin setup right now. It reverts the xz package from 5.6.1-1 to 5.4.6-1. Only 5.4.2-1 and 5.4.6-1 are available. -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
