all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* xz backdoor
@ 2024-04-01 19:46 Reza Housseini
  2024-04-01 20:39 ` Kaelyn
                   ` (2 more replies)
  0 siblings, 3 replies; 8+ messages in thread
From: Reza Housseini @ 2024-04-01 19:46 UTC (permalink / raw)
  To: guix-devel

Hi Guixers

Just stumbled upon this recently discovered supply chain attack on xz, 
inserting a backdoor via test files [1, 2]. And it made me wondering, 
what would have been the effects on guix and how can we potentially 
avoid it?

Stay safe!
Reza

[1] https://www.openwall.com/lists/oss-security/2024/03/29/4
[2] https://access.redhat.com/security/cve/cve-2024-3094#cve-cvss-v3

^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2024-04-02 22:36 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-04-01 19:46 xz backdoor Reza Housseini
2024-04-01 20:39 ` Kaelyn
2024-04-01 20:52   ` Attila Lendvai
2024-04-01 20:44 ` jbranso
2024-04-01 23:27 ` Leo Famulari
2024-04-02  8:23   ` Attila Lendvai
2024-04-02  8:29     ` adanskana
2024-04-02 22:35     ` Ryan Prior

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.