Items tagged with: xz


Three years ago, #FDroid had a similar kind of attempt as the #xz #backdoor. A new contributor submitted a merge request to improve the search, which was oft requested but the maintainers hadn't found time to work on. There was also pressure from other random accounts to merge it. In the end, it became clear that it added a #SQLinjection #vuln. In this case, we managed to catch it before it was merged. Since similar tactics were used, I think it's relevant now.

https://gitlab.com/fdroid/fdroidclient/-/merge_requests/889


I've found the best #meme about #xz #backdoor.


The abusive behavior that was being used to manipulate Lasse Collin into bringing on more maintainers for #xz went unnoticed because abusive behavior in Open Source communities is so pervasive. In context, we can clearly see it was part of an orchestrated operation. Out of context, it looks like just another asshole complaining about stuff they have no right to complain about. https://robmensching.com/blog/posts/2024/03/30/a-microcosm-of-the-interactions-in-open-source-projects/
#xz


GitHub has disabled the https://github.com/tukaani-project/xz repository.

That seems a bit of a problem for everyone who needs to understand the past activity there in order to fully address the #xz backdoor. Sheesh

I have a clone from today if anyone needs it.

#xz
