Re: xz backdoor

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: xz backdoor

From:	Leo Famulari
Subject:	Re: xz backdoor
Date:	Mon, 1 Apr 2024 19:27:10 -0400

On Mon, Apr 01, 2024 at 09:46:12PM +0200, Reza Housseini wrote:
> Just stumbled upon this recently discovered supply chain attack on xz,
> inserting a backdoor via test files [1, 2]. And it made me wondering, what
> would have been the effects on guix and how can we potentially avoid it?

There's actually suspicious code by the xz attacker in one of our
packages right now:

https://issues.guix.gnu.org/issue/70113

Please help review that patch!

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

xz backdoor, Reza Housseini, 2024/04/01
- Re: xz backdoor, Kaelyn, 2024/04/01
  - Re: xz backdoor, Attila Lendvai, 2024/04/01
- Re: xz backdoor, jbranso, 2024/04/01
- Re: xz backdoor, Leo Famulari <=
  - Re: xz backdoor, Attila Lendvai, 2024/04/02
    - Re: xz backdoor, adanskana, 2024/04/02
    - Re: xz backdoor, Ryan Prior, 2024/04/02

Prev by Date: Re: Emacs and Gnome branches are merged now
Next by Date: Re: Error handling when 'guix substitute' dies
Previous by thread: Re: xz backdoor
Next by thread: Re: xz backdoor
Index(es):
- Date
- Thread