Re: xz backdoor

To: debian-devel@lists.debian.org
Subject: Re: xz backdoor
From: Marco d'Itri <md@linux.it>
Date: Sat, 30 Mar 2024 22:21:47 +0100
Message-id: <[🔎] ZgiCa9Lcqjurh72N@bongo.bofh.it>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 0c9cd2345ae3e337dd3cdae9f1199e6d@kvr.at>
References: <[🔎] ZgcgCR8uDPIXVJS_@akarlsso-mac.trudheim.com> <[🔎] 87a5mgkcn4.fsf@hope.eyrie.org> <[🔎] 875xx4k9bv.fsf@hope.eyrie.org> <[🔎] 36567ed4-7246-4466-9122-2934d6e9f18f@debian.org> <[🔎] Zgg3Gm0aGIdQCMua@bongo.bofh.it> <[🔎] 0c9cd2345ae3e337dd3cdae9f1199e6d@kvr.at>

On Mar 30, Christian Kastner <ckk@kvr.at> wrote:

> >> Another big question for me is whether I should really still
> >> package/upload/etc from an unstable machine. It seems that it may be prudent
> > If we do not use unstable for development then who is going to?
> Are you both talking about unstable hosts, or unstable chroots, or...?
I am talking about our own computers.

Obviously everything is built and rebuilt in unstable chroots.
But I think that we have to eat our dog food.

-- 
ciao,
Marco

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- xz backdoor
  - From: Sirius <sirius@trudheim.com>
- Re: xz backdoor
  - From: Russ Allbery <rra@debian.org>
- Re: xz backdoor
  - From: Russ Allbery <rra@debian.org>
- Re: xz backdoor
  - From: Jonathan Carter <jcc@debian.org>
- Re: xz backdoor
  - From: Marco d'Itri <md@Linux.IT>
- Re: xz backdoor
  - From: Christian Kastner <ckk@kvr.at>

Prev by Date: Re: Validating tarballs against git repositories
Next by Date: Re: Is it allowed to remove attribution in public domain "licensed" source code? (and pondering about ftp-level reviews)
Previous by thread: Re: xz backdoor
Next by thread: Re: xz backdoor
Index(es):
- Date
- Thread