backdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comcross-posted to: technologie@jlai.lunetsec@links.hackliberty.orgprogramming@programming.devhackernews@lemmy.smeargle.fanssecurity@lemmy.ml Atemu ( @Atemu@lemmy.ml ) Linux@lemmy.ml • 3 months ago message-square70fedilinkarrow-up1337
arrow-up1337external-linkbackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.com Atemu ( @Atemu@lemmy.ml ) Linux@lemmy.ml • 3 months ago message-square70fedilinkcross-posted to: technologie@jlai.lunetsec@links.hackliberty.orgprogramming@programming.devhackernews@lemmy.smeargle.fanssecurity@lemmy.ml
minus-square Daniel Quinn ( @danielquinn@lemmy.ca ) linkfedilinkEnglish1•3 months agoWhy didn’t this become a thing? Surely in 2024, we should be able to build packages from source and sign releases with a private key.
minus-square Natanael ( @Natanael@slrpnk.net ) linkfedilink3•3 months agoIt’s becoming more of a thing but a lot of projects are so old that they haven’t been able to fix their entire build process yet
Why didn’t this become a thing? Surely in 2024, we should be able to build packages from source and sign releases with a private key.
It’s becoming more of a thing but a lot of projects are so old that they haven’t been able to fix their entire build process yet