Quote from: Derron on April 02, 2024, 08:04:30
The xz lib itself was so to say put on a single pair of shoulders - easy to give reins to someone else (by forking and adding more things than the original code - or voluntarily).

This is one of the problems with open source software where it's either a single person, or a small team maintaining a package that becomes popular; gets to be too much work. What I find surprising is that this compromised package actually found its way into distribution without being vetted. You would have thought that the main distribution vendors would be going over every package that gets committed with the number of vulnerabilities found over the years, especially those that a system has come to rely on. There have also been a few issues with how KDE implements themes that compromise a system.