On 31.03.24 01:07, Elliott Mitchell wrote:
On Sat, Mar 30, 2024 at 03:30:49PM +, Daniel Golle wrote:
unchanged. Git has a lot of security built-in, and by using tarballs
as a base for our package builds we are basically throwing all that
away, for the sake of saving a negligible amount of r
Reordering since I want to respond to different bits in a different
order...
On Sat, Mar 30, 2024 at 03:30:49PM +, Daniel Golle wrote:
>
> Hiding a malicious change in a commit is infinitely harder than hiding
> it in a tarball.
Yet most of the exploit/payload found so far was in commits, dis
Hi,
On Sat, 30. 3. 2024 at 16:31, Daniel Golle wrote:
> Hiding a malicious change in a commit is infinitely harder than hiding
> it in a tarball.
Just a note: The malicious code was part of the tarball because it was
part of the main Git repository in the first place. Using Git would
not he
Hi everyone!
you may all have heard and read about CVE-2024-3094. If not, please do
so now [1], [2].
This incident has exposed many long-standing issues and should not be
seen as a singular event, but rather as the result of several
unhealthy patterns. And while OpenWrt was not affected by the
re
Hi,
tl;dr OpenWrt seems not to be affected by CVE-2024-3094
As you may be aware, malicious code was identified[1] in the xz upstream
tarballs starting from version 5.6.0. The development snapshots of OpenWrt
were utilizing this compromised library version.
Fortunately, the snapshots builds r
Hello,
This is in reference to this patchset:
https://patchwork.ozlabs.org/project/openwrt/patch/1553868440-26476-3-git-send-email-yn...@true.cz/
I am unable to find an option to disable padding to x86 images as it is
taking a lot of time to build and flash the images of size 16 / 32 GB.
Tha