> The quick summary is that Guix currently shouldn't be affected
> because a) Guix currently packages xz 5.2.8, which predates the
> backdoor, and b) the backdoor includes checks based on absolute
> paths e.g. under /usr and Guix executable paths generally don't
> match the patterns checked for.
and guix doesn't use systemd that patches sshd -- a critical piece of security
-- in a way that made the backdoor possible...
--
• attila lendvai
• PGP: 963F 5D5F 45C7 DFCD 0A39
--
“War is a moral contest that is won in the temples before it is ever fought.”
— Sun Tzu (c. 6th century BC), author of 'The Art of War' (as
paraphrased by Jack Kennedy)
