@shansterable@c.im @chris

I think that's true, but also:

This software underpins a LOT of other software, which means the potential scope of the problem isn't just this one piece of software, but everything that relied on it, which includes (obviously, since it was detected there) OpenSSH, but also tons of other software (like the Linux kernel).

Analysis so far as I've seen (haven't looked hard) points to specifically OpenSSH being targeted, rather than other dependents. Still, everyone who depends on this library (which is a lot more people than just the xz programming community) is going to double-check a lot of stuff because of this find.

Plus, it is going to make folks in the open-source software (OSS) community just a bit more paranoid. It might be unjust if anyone thinks of this as being unique to OSS, since SolarWinds had a not-too-dissimilar issue not too long ago (this is different at least in that we can see exactly when the change was made and what it was, in public).

Qoto Mastodon