On Mon, Apr 01, 2024 at 09:46:12PM +0200, Reza Housseini wrote:
> Just stumbled upon this recently discovered supply chain attack on xz,
> inserting a backdoor via test files [1, 2]. And it made me wonder, what
> would have been the effects on guix and how can we potentially avoid it?

There's actually suspicious code by the xz attacker in one of our
packages right now:

https://issues.guix.gnu.org/issue/70113

Please help review that patch!
