On Fri, Mar 29, 2024 at 07:00:37PM +0100, Kevin Kofler via devel wrote: > Hi, > > wow: https://www.openwall.com/lists/oss-security/2024/ > > I think at this point we clearly cannot trust xz upstream anymore and should > probably fork the project.
I kind of agree here, though it saddens me to say it. Any commit or release by "Jia Tan" or "Hans Jansen" [1] is suspect until proven otherwise, and those go back 2 or more years. Rich. [1] Putting quotes here because those are almost certainly not real peoples' names. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-top is 'top' for virtual machines. Tiny program with many powerful monitoring features, net stats, disk stats, logging, etc. http://people.redhat.com/~rjones/virt-top -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
