tcpdump mailing list archives
Re: openwrt Conclusions from CVE-2024-3094 (libxz disaster)
From: Bill Fenner <fenner () gmail com>
Date: Mon, 1 Apr 2024 10:42:29 -0700
mcr suggested:
I wonder if we should nuke our own make tarball system.
The creation of a tarball and its signature gives a place to hang one's hat about origin of code - "someone with the right key claims that this tarball genuinely reflects what the project wants to distribute". Is there a similar mechanism for a git tag? Bill _______________________________________________ tcpdump-workers mailing list -- tcpdump-workers () lists tcpdump org To unsubscribe send an email to tcpdump-workers-leave () lists tcpdump org %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
Current thread:
- openwrt Conclusions from CVE-2024-3094 (libxz disaster) Michael Richardson (Apr 01)
- Re: openwrt Conclusions from CVE-2024-3094 (libxz disaster) Bill Fenner (Apr 01)
- Re: openwrt Conclusions from CVE-2024-3094 (libxz disaster) Michael Richardson (Apr 01)
- Re: openwrt Conclusions from CVE-2024-3094 (libxz disaster) Bill Fenner (Apr 01)
- Re: openwrt Conclusions from CVE-2024-3094 (libxz disaster) Michael Richardson (Apr 01)
- Re: openwrt Conclusions from CVE-2024-3094 (libxz disaster) Guy Harris (Apr 01)
- Re: openwrt Conclusions from CVE-2024-3094 (libxz disaster) Francois-Xavier Le Bail via tcpdump-workers (Apr 01)
- Re: openwrt Conclusions from CVE-2024-3094 (libxz disaster) Michael Richardson (Apr 01)
- Re: openwrt Conclusions from CVE-2024-3094 (libxz disaster) Francois-Xavier Le Bail via tcpdump-workers (Apr 02)
- Re: openwrt Conclusions from CVE-2024-3094 (libxz disaster) Denis Ovsienko (Apr 02)
- Re: openwrt Conclusions from CVE-2024-3094 (libxz disaster) Denis Ovsienko (Apr 03)
- Re: openwrt Conclusions from CVE-2024-3094 (libxz disaster) Bill Fenner (Apr 01)
- Re: openwrt Conclusions from CVE-2024-3094 (libxz disaster) Denis Ovsienko (Apr 01)