Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
joeyh
on March 29, 2024
|
parent
|
context
|
favorite
| on:
Backdoor in upstream xz/liblzma leading to SSH ser...
Not really. xz worked fine 2 years ago. Roll back to 5.3.1 and apply a fix for the 1 security hole that was fixed since that old version. (ZDI-CAN-16587)
Slight oversimplification, see
https://bugs.debian.org/1068024
discussion.
kelseydh
on April 3, 2024
[–]
This seems true with so many of these core libraries. Change for the sake of change introduces attack vectors. If it ain't broke, don't fix it!
account42
on April 3, 2024
|
parent
[–]
Yeah but people will cry "dead project" if there hasn't been a release for a week.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
Slight oversimplification, see https://bugs.debian.org/1068024 discussion.