Hi Guixers
Just stumbled upon this recently discovered supply chain attack on xz,
inserting a backdoor via test files [1, 2]. And it made me wondering,
what would have been the effects on guix and how can we potentially
avoid it?
Stay safe!
Reza
[1] https://www.openwall.com/lists/oss-securi
Hi Reza,
On Monday, April 1st, 2024 at 12:46 PM, Reza Housseini
wrote:
>
>
> Hi Guixers
>
> Just stumbled upon this recently discovered supply chain attack on xz,
> inserting a backdoor via test files [1, 2]. And it made me wondering,
> what would have been the effects on guix and how can we
April 1, 2024 at 3:46 PM, "Reza Housseini" wrote:
>
> Hi Guixers
>
> Just stumbled upon this recently discovered supply chain attack on xz,
>
> inserting a backdoor via test files [1, 2]. And it made me wondering,
>
> what would have been the effects on guix and how can we potentially
>
> The quick summary is that Guix currently shouldn't be affected
> because a) Guix currently packages xz 5.2.8, which predates the
> backdoor, and b) the backdoor includes checks based on absolute
> paths e.g. under /usr and Guix executable paths generally don't
> match the patterns checked for.
just a heads' up:
after pulling the gnome changes i was unable to log in (empty screen with
frozen pointer after the password).
`herd restart elogind` can be used to get back to the login screen.
i could fix it using the following steps:
1. move away my ~/.local/share/gnome-shell/extensions/
On Mon, Apr 01, 2024 at 09:46:12PM +0200, Reza Housseini wrote:
> Just stumbled upon this recently discovered supply chain attack on xz,
> inserting a backdoor via test files [1, 2]. And it made me wondering, what
> would have been the effects on guix and how can we potentially avoid it?
There's a
Hi,
On 3/29/24 11:10, Ludovic Courtès wrote:
>
> [...]
OK, I’ll push it shortly, but…
Lars Bilke skribis:
thanks Ada for bringing this issue up again. I get the same error on
`guix pull` almost always when I am on my enterprise
network. Re-running `guix pull` a second time also almost alway
