oss-sec mailing list archives

Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise


From: Mats Wichmann <mats () wichmann us>
Date: Sat, 30 Mar 2024 14:43:58 -0600

On 3/30/24 09:32, Jeffrey Walton wrote:

> Someone asked what would become of xz as a project. I do hope in light
> of this event, some people step in to help.
>
> Perhaps Lasse should turn over control of the project to an entity
> like the Linux Foundation. Xz is critical to Linux now, and it needs
> more oversight than Lasse can provide. (Not to impugn Lasse; he seems
> to be very busy. Extra [trusted] helping hands would probably be
> welcomed).

In light of this scenario (at least what I understand about it), it's got to be even harder now for an overloaded maintainer to accept help of a significant nature. Some large projects have an incredibly high bar for getting commit rights. Some small ones, too. It's not about to get easier after this.
