490

XZ Utils is back on GitHub and Lasse Collin has been unbanned(github.com)

posted
by
Avatar
testeronious@lemmy.world
in
Avatar
linux@lemmy.ml
58 comments
hidereport
Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments
Avatar
Yondoza@sh.itjust.works
32 points

Can someone provide a summary on what this means? I thought there were malicious exploits in this. Why is it back up and the perpetrator unbanned?

permalink
report
reply
Avatar
silliewous@feddit.nl
36 points

The second maintainer was most likely the culprit.

permalink
report
parent
reply
Avatar
Nomad Scry@lemmy.sdf.org
157 points

Lasse Collin is not the perpetrator, that would be “Jia Tan”.

https://tukaani.org/xz-backdoor/

permalink
report
parent
reply
Avatar
xyz@lemmus.org
41 points

There’s a Wikipedia article regarding this incident. Have a look: https://en.wikipedia.org/wiki/XZ_Utils_backdoor

permalink
report
parent
reply
Avatar
4am@lemm.ee
58 points

Exploits were removed. Maintainer who committed them still banned. xz is a critical piece of software.

permalink
report
parent
reply
Avatar
pixxelkick@lemmy.world
97 points

Lasse is the original maintainer of XZ, they have been placed back in their position as sole maintainer.

“Jia Tan” was the person who slipped the backdoor into XZ and is now banned.

Lasse has already fixed abd removed the backdoor.

XZ itself is critical software everyone uses (its one of the main compression/decompression programs used on linux)

permalink
report
parent
reply
Avatar
Auli@lemmy.ca
5 points
*

Yes but damage seems to be done. Distros are talking or have moved off of it to zstd.

permalink
report
parent
reply
Avatar
Billegh@lemmy.world
22 points

There are some, probably. But any exodus will be slow. Xz isn’t useless because it was dangerous once.

permalink
report
parent
reply
Show more comments
Avatar
Calyhre@lemmy.world
10 points

I would argue this might make xz safer mid-term. So much eyes on it. I’m not familiar with other solutions, but who’s to say the bad actor won’t try a similar trick elsewhere

permalink
report
parent
reply
Avatar
PlexSheep@infosec.pub
10 points

Zstd and xz fullfil different needs. Xz take more time to compress and is faster to decompress as far as I know.

permalink
report
parent
reply
Show more comments
Avatar
treadful@lemmy.zip
36 points

Don’t downvote people asking questions.

permalink
report
parent
reply
Avatar
the_third@feddit.de
2 points
*
Deleted by creator
permalink
report
parent
reply
Avatar
treadful@lemmy.zip
0 points

It’s just a question. Any implications or tone you perceive here is likely your own projection.

Try and read it assuming the poster is asking in good faith.

permalink
report
parent
reply
Show more comments
Avatar
Billegh@lemmy.world
37 points

This sounds just like something Jia Tan might say…

permalink
report
parent
reply

Linux

!linux@lemmy.ml

Create post

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

  • Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
  • No misinformation
  • No NSFW content
  • No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

Community stats

  • 7.7K

    Monthly active users

  • 6.5K

    Posts

  • 179K

    Comments

Community moderators