pleroma.debian.social

Again the FOSS world has proven to be vigilant and proactive in finding bugs and backdoors, IMHO. The level of transparency is stellar, especially compared to proprietary software companies. What the FOSS world has accomplished in 24 hours after detection of the backdoor code in deserves a moment of humbleness. Instead we have flamewars and armchair experts shouting that we must change everything NOW. Which would introduce even more risks. Progress is made iteratively. Learn, adapt, repeat.

Just FTR. The backdoor code was inserted only under very specific circumstances in the build process. Once the problem was identified and after initial analysis made it clear how it worked, immediate action was taken in a coordinated fashion. Affected builds/packages were removed, update systems for affected distributions started delivering forced downgrades. Users of these systems were informed. This all happened in public, in transparent and open ways. All in the first 24 hours. I tip my hat.

@jwildeboer Absolutely. I marvel at the prompt and efficient response by everyone involved. In the proprietary software world there would still be denial that there even is a problem.

@jwildeboer reminds me of when some version of Windows had three backdoors: one accidental, another created by Microsoft for the CIA, and another one created by an infiltrated CIA agent

@jwildeboer Absolutely. From identifying the problem to having the fix on my computer, drawn from the official (Arch) repo, it took just about 3 hours. That's insanely fast.

@Natanox @jwildeboer Interestingly, the biggest obstacle to this process is GitHub unilaterally closing access to the relevant repository, preventing people from inspecting the offending code and breaking links that people had already published during their research.