why does everyone keep mentioning arch?
Comment on How does the xz incident impacts the average user ? #xz
lordnikon@lemmy.world 7 months ago
Only someone running Arch or Debian sid or a bleeding-edge rolling release on an internet-exposed SSH port. The idea of that configuration would sound ludicrous. Even so, we should be building off git repos, not tarballs.
The weird part is this situation has made me feel safer. The amount of work that went into social engineering this and it only lasted a month tops for people that run distros that would just not be or should not be used as an exposed server ever.
It shows open source works. This is more embarrassing than anything and we deserve it. We need to pay core library devs and have a mechanism that core libraries can be handed off to a trusted org while another upstream maintainer can be found or the project shut down and other projects move away from the unmaintained project, when the person maintaining the project gets burned out or has other issues.
vrighter@discuss.tchncs.de 7 months ago
Glitchington@lemmy.world 7 months ago
From the archlinux.org news post on the issue.
lordnikon@lemmy.world 7 months ago
Oh 100%, I was just talking in general of upstream bleeding-edge distro being vulnerable to this kind of upstream attack, not specific to xz.