Re: [PLUG] - attack on sshd via xz => More XZ Libs malware info

2024-04-06 Thread Ted Mittelstaedt
I also appreciate the heads-up on this as I literally do have better things to do than spend an hour every day reviewing security exploit mailing lists. 😉 Coming from a FreeBSD background this is why I have never liked the "yum install" and "apt-get" things that the Linux userbase take for grante

Re: [PLUG] - attack on sshd via xz => More XZ Libs malware info

2024-04-06 Thread Nat Taylor
Looks like there is no xz-utils in Arch, and it's not installed by default in Pop_OS, FWIW... On Sat, Apr 6, 2024 at 2:24 PM Ted Mittelstaedt wrote: > I also appreciate the heads-up on this as I literally do have better > things to do than spend an hour every day reviewing security exploit > mai

Re: [PLUG] attack on sshd via xz

2024-04-06 Thread King Beowulf
On 4/5/24 10:36, wes wrote: > I'm surprised to see that no one has mentioned this on PLUG yet, though > it's been flying around the rest of the tech sphere on the internet pretty > heavily over the last week. I will share it here in case any list member > hasn't seen it yet elsewhere and if anyone

Re: [PLUG] attack on sshd via xz

2024-04-06 Thread MC_Sequoia
"Ya'll can keep yer fancy pants linux distros with yer systemd, dpkg/apt/yum and other silliness." Thanks! I will! It wasn't a problem for me! =)

Re: [PLUG] - attack on sshd via xz => More XZ Libs malware info

2024-04-06 Thread MC_Sequoia
"The most troubling aspect is that there's too little supervision of changes in projects." Nope! It's far less about supervision and far more about process. Especially in the FOSS world, which relies heavily on peer review & the user community to ferret out bad code as happened in this case by

Re: [PLUG] - attack on sshd via xz => More XZ Libs malware info

2024-04-06 Thread Ted Mittelstaedt
Ah but I suspect in all of your supervision of employees you never had an employee who was under contract from the Russian military, and probably being paid millions of rubles or whatever they are using there, at the same time you were supervising them, whose job was to pwn the project for his a