> The quick summary is that Guix currently shouldn't be affected > because a) Guix currently packages xz 5.2.8, which predates the > backdoor, and b) the backdoor includes checks based on absolute > paths e.g. under /usr and Guix executable paths generally don't > match the patterns checked for.
and guix doesn't use systemd that patches sshd -- a critical piece of security -- in a way that made the backdoor possible... -- • attila lendvai • PGP: 963F 5D5F 45C7 DFCD 0A39 -- “War is a moral contest that is won in the temples before it is ever fought.” — Sun Tzu (c. 6th century BC), author of 'The Art of War' (as paraphrased by Jack Kennedy)