On Sat, Mar 30, 2024 at 10:28:04AM +0100, Bastian Blank wrote:
> We have a suite with some project management capabilities: salsa. Let's
> just use it instead of ad-hoc tools. I don't think we have something
> better right now?
This is now https://salsa.debian.org/ftp-team/xz-2024-incident/
On Fri, Mar 29, 2024 at 11:59:38PM +0100, Ansgar wrote:
> Should we also reset the archive to some prior state and rebuilt
> packages like Ubuntu? Do we need to revert to an earlier date as
> vulnerable versions have been uploaded to experimental on 2024-02-01
> (but the earlier version might
Hi,
On 2024-03-29 23:59, Ansgar wrote:
> Hi,
>
> how should we react to the compromised xz-utils upload?
>
> Ubuntu is reverting their amd64 binaries to pre-Feb 25 and rebuilding
> stuff.
>
> On Debian side AFAIU currently amd64 buildds are paused and pending
> reinstall (plus rotation of
Ansgar wrote on 29/03/2024 at 23:59:38+0100:
> Hi,
>
> how should we react to the compromised xz-utils upload?
>
> Ubuntu is reverting their amd64 binaries to pre-Feb 25 and rebuilding
> stuff.
>
> On Debian side AFAIU currently amd64 buildds are paused and pending
> reinstall (plus rotation
Hi,
how should we react to the compromised xz-utils upload?
Ubuntu is reverting their amd64 binaries to pre-Feb 25 and rebuilding
stuff.
On Debian side AFAIU currently amd64 buildds are paused and pending
reinstall (plus rotation of key material, both OpenPGP and SSH).
People are starting to
5 matches
Mail list logo