On Fri, 2025-02-14 at 14:51 -0700, home user via users wrote: > On 2/14/25 3:49 AM, Patrick O'Callaghan wrote: > > On Thu, 2025-02-13 at 23:32 -0800, Samuel Sieb wrote: > > > Those tools are not going to provide any useful help. > > > > I tend to agree. I've never used either of them and have had no > > consequences as a result. Linux can have security issues of course, but > > my feeling is that they are much more likely to come from phishing or > > from supply-chain attacks, which rootkit detectors aren't going to > > catch. > > > > poc > > Thank-you Samuel and Patrick. > > I'm all for "redeeming" a few minutes each week! > > supply-chain attack? I've not heard of that one before.
An example of a supply-chain attack would be the (fortunately failed) attempt at subverting the XZ source code: https://en.wikipedia.org/wiki/XZ_Utils_backdoor which was caught in time by an alert guy from Microsoft of all places. > I'd ask what's next, but I fear I won't like the answer. > And I'm concerned that the answer will "help" the malicious people/groups > that are snooping and harvesting this list for e-mail addresses and names. That's absolutely the wrong attitude. People need to be aware of potential vulnerabilities. Clearly there are sensible conventions about disclosure in order to give developers time to correct errors, but secrecy is the enemy of quality. That's one reason we use free software. poc -- _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
