3 Apr
2024
3 Apr
'24
19:01
On 4/3/24 2:56 PM, John Paul Adrian Glaubitz wrote:
On Wed, 2024-04-03 at 14:53 -0400, Joe Salmeri wrote:
Does this mean there is still a backdoor issue with xz 5.4-3.2 since it is being downgraded again to 5.4-2.1 ?
No, the backdoor was introduced in 5.6.0 and improved in 5.6.1.
See this excellent write-up by Sam James from Gentoo [1] for more.
Adrian
[1] https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
Thanks Adrian, I have read that write up and many others. The update repo downgraded xz to 5.4-3.2 ( because TW repos had previously installed 5.6.1 ) and build 20240329 also reverted to 5.4-3.2. What I'm trying to understand is why is it downgrading xz again to 5.4-2.1 ? -- Regards, Joe