Lemmy.one
  • Communities
  • Create Post
  • heart
    Support Lemmy
  • search
    Search
  • Login
  • Sign Up
Karna@lemmy.ml to Linux@lemmy.ml · 1 年前

Ubuntu 24.04 Beta Delayed Due To XZ Nightmare

www.phoronix.com

external-link
message-square
7
fedilink
  • cross-posted to:
  • ubuntu@discuss.tchncs.de
  • ubuntu@lemmy.ml
  • linux@lemmy.world
  • news@lemmy.linuxuserspace.show
112
external-link

Ubuntu 24.04 Beta Delayed Due To XZ Nightmare

www.phoronix.com

Karna@lemmy.ml to Linux@lemmy.ml · 1 年前
message-square
7
fedilink
  • cross-posted to:
  • ubuntu@discuss.tchncs.de
  • ubuntu@lemmy.ml
  • linux@lemmy.world
  • news@lemmy.linuxuserspace.show
alert-triangle
You must log in or # to comment.
  • rotopenguin@infosec.pub
    link
    fedilink
    English
    arrow-up
    42    ·
    edit-2
    1 年前

    My $0.05 reading of it is that they want to hose down the build servers* and start clean, in case if the attacker escaped the sandboxing there.

    * (the computers that compile all of the new packages from source, not web servers that are handing out finished deb binaries to the public.)

    • style99@kbin.social
      link
      fedilink
      arrow-up
      31      ·
      1 年前

      They’re rebuilding all the newer builds “out of an abundance of caution.” The servers themselves obviously don’t run on experimental software.

      • rollingflower@lemmy.kde.social
        link
        fedilink
        arrow-up
        6        ·
        1 年前

        This.

    • Avid Amoeba@lemmy.ca
      link
      fedilink
      arrow-up
      5      ·
      1 年前

      That would make sense if they ran servers on non-LTS release. Do they do that?

    • rollingflower@lemmy.kde.social
      link
      fedilink
      arrow-up
      3      ·
      1 年前

      They dont run experimental software on their build servers.

  • Karna@lemmy.mlOP
    link
    fedilink
    arrow-up
    11    ·
    1 年前

    Further read: https://discourse.ubuntu.com/t/xz-liblzma-security-update-post-2/43801?u=d0od

  • Matt@lemmy.ml
    link
    fedilink
    arrow-up
    2    ·
    edit-2
    1 年前

    Just don’t package it. And if you have to, sandbox it in Firejail or in Bubblewrap. Or just make Snap out of it.

Linux@lemmy.ml

linux@lemmy.ml

Subscribe from Remote Instance

Create a post
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !linux@lemmy.ml

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

  • Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
  • No misinformation
  • No NSFW content
  • No hate speech, bigotry, etc

Related Communities

  • !opensource@lemmy.ml
  • !libre_culture@lemmy.ml
  • !technology@lemmy.ml
  • !libre_hardware@lemmy.ml

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

Visibility: Public
globe

This community can be federated to other instances and be posted/commented in by their users.

  • 499 users / day
  • 2.58K users / week
  • 5.79K users / month
  • 16.6K users / 6 months
  • 550 local subscribers
  • 57.2K subscribers
  • 8.42K Posts
  • 220K Comments
  • Modlog
  • mods:
  • AgreeableLandscape@lemmy.ml
  • nooter692@lemmy.ml
  • MarcellusDrum@lemmy.ml
  • Arthur Besse@lemmy.ml
  • Cyclohexane@lemmy.ml
  • d3Xt3r@lemmy.nz
  • BE: 0.19.7
  • Modlog
  • Legal
  • Instances
  • Docs
  • Code
  • join-lemmy.org