On 30 March 2024 13:00:26 GMT-03:00, Marco d'Itri <m...@linux.it> wrote:
>On Mar 30, Jonathan Carter <j...@debian.org> wrote:
>
>> Another big question for me is whether I should really still
>> package/upload/etc from an unstable machine. It seems that it may be prudent
>If we do not use unstable for development then who is going to?
>I think that the real question is whether we should really still use
>code-signing keys which are not stored in (some kind of) HSM.
>

The backdoor was discovered by someone using the compromised xz-utils *on their own machines*. So we are lucky we have people eating our own sid stuff before it becomes part of a stable release.