Atemu@lemmy.ml to Linux@lemmy.ml · 8 months agobackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comexternal-linkmessage-square100fedilinkarrow-up1525arrow-down15cross-posted to: opensource@lemmit.onlinetechnologie@jlai.lunetsec@links.hackliberty.orglinux_gaming@lemmit.onlineprogramming@zerobytes.monstercybersecurity@zerobytes.monsternetsec@zerobytes.monsterlinux@zerobytes.monsterselfhosted@lemmy.worldlinux@lemmy.world
arrow-up1520arrow-down1external-linkbackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comAtemu@lemmy.ml to Linux@lemmy.ml · 8 months agomessage-square100fedilinkcross-posted to: opensource@lemmit.onlinetechnologie@jlai.lunetsec@links.hackliberty.orglinux_gaming@lemmit.onlineprogramming@zerobytes.monstercybersecurity@zerobytes.monsternetsec@zerobytes.monsterlinux@zerobytes.monsterselfhosted@lemmy.worldlinux@lemmy.world
minus-squareDaniel Quinn@lemmy.calinkfedilinkEnglisharrow-up3·8 months agoWhy didn’t this become a thing? Surely in 2024, we should be able to build packages from source and sign releases with a private key.
minus-squareNatanael@slrpnk.netlinkfedilinkarrow-up5·8 months agoIt’s becoming more of a thing but a lot of projects are so old that they haven’t been able to fix their entire build process yet
Why didn’t this become a thing? Surely in 2024, we should be able to build packages from source and sign releases with a private key.
It’s becoming more of a thing but a lot of projects are so old that they haven’t been able to fix their entire build process yet