A decompression implementation all in rust it would seem.
https://github.com/gendx/lzma-rs
On Sat, Mar 30, 2024 at 12:36 PM Eddie Chapman wrote:
> Stefan Schmiedl wrote:
> > -- Original Message --
> >
> >> From "Eddie Chapman"
> >>
> > To gentoo-dev@lists.gentoo.org
> > Date
On 3/30/24 11:17 AM, Eddie Chapman wrote:
> Yes that's a very good point, that was something I was wondering in
> weighing up both sides, what the costs would be practically, as I don't
> know the realities of running Gentoo infrastructure. And maybe the costs
> is just too high of a price to pay.
On 3/29/24 11:07 PM, Eddie Chapman wrote:
> Given what we've learnt in the last 24hrs about xz utilities, you could
> forgive a paranoid person for seriously considering getting rid entirely
> of them from their systems, especially since there are suitable
> alternatives available. Some might say
"Eddie Chapman" writes:
> Given what we've learnt in the last 24hrs about xz utilities, you could
> forgive a paranoid person for seriously considering getting rid entirely
> of them from their systems, especially since there are suitable
> alternatives available. Some might say that's a bit
Eddie Chapman wrote:
> Michał Górny wrote:
>
>> On Sat, 2024-03-30 at 14:57 +, Eddie Chapman wrote:
>>
>>
>>> Note, I'm not advocating ripping xz-utils out of tree, all I'm saying
>>> is wouldn't it be nice if there were at least 2 alternatives to
>>> choose from? That doesn't have to be
# Michał Górny (2024-03-30)
# NIH package that was added for dev-python/setuptools but is no longer
# used there.
# Removal on 2024-04-29. Bug #928270.
dev-python/nspektr
--
Best regards,
Michał Górny
signature.asc
Description: This is a digitally signed message part
Stefan Schmiedl wrote:
> -- Original Message --
>
>> From "Eddie Chapman"
>>
> To gentoo-dev@lists.gentoo.org
> Date 30.03.2024 16:17:19
> Subject Re: [gentoo-dev] Current unavoidable use of xz utils in Gentoo
>
>> Michał Górny wrote:
>>
>>> On Sat, 2024-03-30 at 14:57 +, Eddie
Rich Freeman wrote:
> On Sat, Mar 30, 2024 at 10:57 AM Eddie Chapman wrote:
>
>> No, this is the the bad actor *themselves* being a
>> principal author of the software, working stealthily and in very
>> sophisticated ways for years, to manoeuvrer themselves and their
>> software into a position
-- Original Message --
From "Eddie Chapman"
To gentoo-dev@lists.gentoo.org
Date 30.03.2024 16:17:19
Subject Re: [gentoo-dev] Current unavoidable use of xz utils in Gentoo
Michał Górny wrote:
On Sat, 2024-03-30 at 14:57 +, Eddie Chapman wrote:
Note, I'm not advocating ripping
Eddie Chapman wrote:
> Michał Górny wrote:
>> On Sat, 2024-03-30 at 14:57 +, Eddie Chapman wrote:
>>
>>> Note, I'm not advocating ripping xz-utils out of tree, all I'm saying
>>> is wouldn't it be nice if there were at least 2 alternatives to choose
>>> from? That doesn't have to be disruptive
Michał Górny wrote:
> On Sat, 2024-03-30 at 15:17 +, Eddie Chapman wrote:
>
>> Michał Górny wrote:
>>
>>> On Sat, 2024-03-30 at 14:57 +, Eddie Chapman wrote:
>>>
>>>
Note, I'm not advocating ripping xz-utils out of tree, all I'm
saying is wouldn't it be nice if there were at
On Sat, 2024-03-30 at 15:17 +, Eddie Chapman wrote:
> Michał Górny wrote:
> > On Sat, 2024-03-30 at 14:57 +, Eddie Chapman wrote:
> >
> > > Note, I'm not advocating ripping xz-utils out of tree, all I'm saying
> > > is wouldn't it be nice if there were at least 2 alternatives to choose
>
On Sat, 30 Mar 2024 16:02:25 +0100
Michał Górny wrote:
> On Sat, 2024-03-30 at 14:57 +, Eddie Chapman wrote:
> > Note, I'm not advocating ripping xz-utils out of tree, all I'm
> > saying is wouldn't it be nice if there were at least 2 alternatives
> > to choose from? That doesn't have to be
Michał Górny wrote:
> On Sat, 2024-03-30 at 14:57 +, Eddie Chapman wrote:
>
>> Note, I'm not advocating ripping xz-utils out of tree, all I'm saying
>> is wouldn't it be nice if there were at least 2 alternatives to choose
>> from? That doesn't have to be disruptive in any way, people who wish
On Sat, Mar 30, 2024 at 10:57 AM Eddie Chapman wrote:
>
> No, this is the the bad actor *themselves* being a
> principal author of the software, working stealthily and in very
> sophisticated ways for years, to manoeuvrer themselves and their software
> into a position of trust in the ecosystem
On Sat, 2024-03-30 at 14:57 +, Eddie Chapman wrote:
> Note, I'm not advocating ripping xz-utils out of tree, all I'm saying is
> wouldn't it be nice if there were at least 2 alternatives to choose from?
> That doesn't have to be disruptive in any way, people who wish to continue
> using and
Rich, Duncan, Dale, orbea, you have to admit the situation with xz-utils
is nothing like the typical scenario people usually worry about, where a
bad actor manages to compromise a project and slip something into a widely
used piece of software. No, this is the the bad actor *themselves* being a
# James Le Cuirot (2024-03-30)
# Old, ugly, broken, and requires OSS sound. Removal on 2024-04-30.
# Bug #928066.
games-sports/gracer
signature.asc
Description: This is a digitally signed message part
On Sat, Mar 30, 2024 at 3:06 AM Dale wrote:
>
> when I got to the part about it not likely to affect Gentoo, my level of
> concern dropped significantly. If this is still true, there's no need to be
> concerned.
"not likely" is the best way to characterize this. The exploit has
not been
Dale posted on Sat, 30 Mar 2024 02:06:26 -0500 as excerpted:
> Gentoo has some awesome devs.
Agreed with the whole thing and the above is a bit of an aside from the
thread, but it's worth repeating!
Thanks devs! (And security contributors, infra providers, testers,
tinder-box runners, bug
orbea wrote:
> On Sat, 30 Mar 2024 03:07:13 -
> "Eddie Chapman" wrote:
>
>> Given what we've learnt in the last 24hrs about xz utilities, you
>> could forgive a paranoid person for seriously considering getting rid
>> entirely of them from their systems, especially since there are
>> suitable
21 matches
Mail list logo
