[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: backdoor injection via release tarballs combined with binary artifac
|
From: |
Andreas Enge |
|
Subject: |
Re: backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils) |
|
Date: |
Thu, 11 Apr 2024 15:49:48 +0200 |
Am Thu, Apr 11, 2024 at 02:56:24PM +0200 schrieb Ekaitz Zarraga:
> I think it's just better to
> obtain the exact same code that is easy to find
The exact same code as what? Actually I often wonder when looking for
a project and end up with a Github repository how I could distinguish
the "original" from its clones in a VCS. With the signature by the
known (this may also be a wrong assumption, admittedly) maintainer
there is at least some form of assurance of origin.
> and everybody is reading.
This is a steep claim! I agree that nobody reads generated files in
a release tarball, but I am not sure how many other files are actually
read.
Andreas
- backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils), Giovanni Biscuolo, 2024/04/04
- Re: backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils), Attila Lendvai, 2024/04/04
- Re: backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils), Giovanni Biscuolo, 2024/04/04
- Re: backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils), Attila Lendvai, 2024/04/04
- Re: backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils), Ekaitz Zarraga, 2024/04/04
- Re: backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils), Ludovic Courtès, 2024/04/10
- Re: backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils), Andreas Enge, 2024/04/11
- Re: backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils), Ekaitz Zarraga, 2024/04/11
- Re: backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils),
Andreas Enge <=
- Re: backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils), Ekaitz Zarraga, 2024/04/11
- Re: backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils), Giovanni Biscuolo, 2024/04/13
- Re: backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils), Skyler Ferris, 2024/04/13
- Re: backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils), Giovanni Biscuolo, 2024/04/13
- Re: backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils), Skyler Ferris, 2024/04/14
- Re: backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils), Skyler Ferris, 2024/04/13
- Re: backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils), Ludovic Courtès, 2024/04/19
- Re: backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils), Attila Lendvai, 2024/04/12
- Re: backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils), Ludovic Courtès, 2024/04/12
- Re: backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils), Giovanni Biscuolo, 2024/04/13