Pierre-Elliott Bécue <p...@debian.org> wrote on 30/03/2024 at 00:23:52+0100:
> [[PGP Signed Part:Good signature from EE215B9FB8C45B0B Pierre-Elliott Bécue > <be...@crans.org> (trust ultimate) created at 2024-03-30T00:24:18+0100 using > RSA]] > Scott Kitterman <deb...@kitterman.com> wrote on 29/03/2024 at 22:37:46+0100: > >> On March 29, 2024 6:55:51 PM UTC, "Pierre-Elliott Bécue" <p...@debian.org> >> wrote: >>> >>>Matt Taggart <m...@lackof.org> wrote on 29/03/2024 at 17:14:24+0100: >>> >>>> On 3/29/24 04:11, Fabio Pedretti wrote: >>>>> Hi, I'd like to request the backports of xz-utils from bookworm to >>>>> bullseye. >>>> >>>> As long as it's the security fixed 5.6.1+really5.4.5-1 or newer. >>> >>>As long as we don't have a proper understanding of everything that >>>revolves around this backdoor thing, this is not a good idea to backport xz. >> >> The email address that purported to make the original request has a Salsa >> account with a private profile, which is IME not typical for Debian: >> >> https://salsa.debian.org/fabio-guest >> >> Is this person known to anyone in the project? > > I think not. > > We can ask salsa admins for hints regarding their activity. That being said, they were asking to bpo the bookworm version and not the trixie one, so it might be coincidential, as it's not supposed to be compromised. -- PEB
