Hi, so 30. 3. 2024 v 16:31 odesílatel Daniel Golle <dan...@makrotopia.org> napsal: > Hiding a malicious change in a commit is infinitely harder than hiding > it in a tarball.
Just a note: The malicious code was part of the tarball because it was part of the main Git repository in the first place. Using Git would not help in any way in this particular case. Just check [1] together with findings [2]. [1]: https://git.tukaani.org/?p=xz.git;a=shortlog [2]: https://boehs.org/node/everything-i-know-about-the-xz-backdoor Cheers Oldrich. _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel