Niltze [Hello]-
This weekend has been distressful in terms of security for those of us
who use any Linux derivative(s) as the XZ/liblzma security issue was
'discovered'.
< https://www.openwall.com/lists/oss-security/2024/03/29/4 >
I also followed the now disabled GitHub repo
< https://github.com/tukaani-project/xz/issues/92 >
where they had a frank interaction as the situation was emerging.
Initially, one of the entities referred to something along the phrase of
"it had to be a 'chink'", i.e., the committer who had been gradually
introducing the backdoor into the XZ/liblzma source code. Yet, on the
Internet *anyone* can utilize any name and does not necessarily reflect
the prejudices inherent in others. I still remember a phrase, probably a
cliche by now, during the early phase of the Internet being embraced where
'no one would know if you were a dog using the Internet'. Fact is that
no one knows if behind a particular screen name/email at gmail[.]com,
there was a major intelligence organization from *any* country -- yes,
even from the West, i.e., Vault 7 anyone? for which Julian Assange is
being tortured by the AngloSaxons' and their 'rules-based order'.
Possibly unrelated but AT&T got hacked, and they barely realized that
some (all?) of its customers' personal data ended up in the so-called
Dark Web.
And then reading through the OpenWall threads there is a link to
terminal emulator vulnerabilities
< https://dgl.cx/2023/09/ansi-terminal-security#vulnerabilities-using-known-replies >
where its author lists Terminology as to be avoided, but:
"add option to disable terminology escape codes that could be considered
security issues by some. They are enabled by default"
< https://git.enlightenment.org/enlightenment/terminology/commit/144e0b5068aa25b7fce822a94101586f374aa236 >
Question:
If I add that option to the current source code of Terminology, what
functionality would I lose?
--
Best Professional Regards.
P.S. In retrospect, the patches that I developed for Metztli Reiser4
basically had ZSTD as the kernel de/compressor instead of the usual XZ
used in Debian default. Nevertheless, xz/liblzma allegedly touches even
Systemd, which the Distro maintainers have pushed against the will of
many users downstream --including myself. It is one thing to have a
local Systemd-free operating system(s) -- which can be tinkered and
fixed when it breaks with a given 'official' repository update; yet, it
is another thing to attempt a Systemd-free remote bare metal or virtual
instance(s) where it is not so easy to fix after a given update breaks
it.
--
Jose R R
http://metztli.it
---------------------------------------------------------------------------------------------
Download Metztli Reiser4: Debian Bullseye w/ Linux 5.16.20 AMD64
---------------------------------------------------------------------------------------------
feats ZSTD compression https://sf.net/projects/metztli-reiser4/
-------------------------------------------------------------------------------------------
Official current Reiser4 resources: https://reiser4.wiki.kernel.org/
_______________________________________________
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel