On Fri, 29 Mar 2024 18:50:35 +0100, Rainer Müller wrote: > > > In [1] they mention reverting to 5.4.5 to fix it. It's not 100% clear > > from that whether 5.4.6 is affected, but it sounds like it's not. Since > > MacPorts is currently at 5.4.6, the port is probably OK as long as it > > doesn't do any overzealous upgrading. > > The xz port was updated to 5.6.1 just two days ago: > https://github.com/macports/macports-ports/commit/784e59f99e51adbadc663b1b689d66363adf193a > > Based on the current information, the risk seems low for macOS system. > Should we still be cautious and revert to version 5.4.6 and bump the > epoch to force a downgrade for everyone? Or do we expect a new upstream > release soon to sort this out? >
Better to rollback version and communicate somehow that it is paranoia. -- wbr, Kirill