thelinuxexperiment

Daily Linux & Open Source News - S01E68 - XZ Backdoor repercussions

Hey everyone!

In this one, we have:

https://linuxiac.com/ubuntu-24-04-lts-beta-release-postponed-due-to-security-concerns/

https://linuxiac.com/after-a-recent-ssh-vulnerability-systemd-reduces-dependencies/

https://9to5linux.com/linux-firmware-update-utility-fwupd-will-use-zstd-compression-for-future-releases

https://www.bleepingcomputer.com/news/security/new-xz-backdoor-scanner-detects-implant-in-any-linux-binary/

Have a nice day!

Comments

It seems to me that the longer term solution to the xz backdoor problem is to discourage the culture of anonymity in FOSS development. Jia Tan was a known and trusted contributor, yet still completely anonymous, and that is what I see as the core problem. I think FOSS projects are going to have to encourage face-to-face dev meetups and the exchange of personally identifiable information. The more robust a web of trust the FOSS community builds, the harder it will be for bad actors — even state sponsored ones — to inject rogue code into a project.

Zippy Wonderdust

Glad to see that solutions are being made. I use openSUSE and certainly didn't expect to have a backdoor installed on my system. Let's hope this kind of thing happens very rarely and gets caught quickly.

Michal Walach
