Message-ID: <5e72e6db-733c-423a-8213-f4698780cbab@wichmann.us>
Date: Sat, 30 Mar 2024 14:43:58 -0600
From: Mats Wichmann <mats@...hmann.us>
To: oss-security@...ts.openwall.com
Subject: Re: Re: backdoor in upstream xz/liblzma leading to ssh
 server compromise

On 3/30/24 09:32, Jeffrey Walton wrote:

>> Someone asked what would become of xz as a project. I do hope in light
>> of this event, some people step in to help.
> 
> Perhaps Lasse should turn over control of the project to an entity
> like the Linux Foundation. Xz is critical to Linux now, and it needs
> more oversight than Lasse can provide. (Not to impugn Lasse; he seems
> to be very busy. Extra [trusted] helping hands would probably be
> welcomed).

In light of this scenario (at least what I understand about it), it's 
got to be even harder now for an overloaded maintainer to accept help of 
a significant nature. Some large projects have an incredibly high bar 
for getting commit rights. Some small ones, too.  It's not about to get 
easier after this.

