Comment on Promised myself I will support them after they go stable. They kept their promise and so did I
Seefoo@lemmy.world 2 days ago
Sure, supply chain attacks are a thing, but containers aren’t the issue. Any package delivery mechanism can suffer from it. It’s up to you to verify those containers and/or build it yourself.
frongt@lemmy.zip 2 days ago
Yup. Whoever backdoored xz was very close to getting it into production. The only reason they got caught was a slight performance regression and an inquisitive and dedicated developer. arstechnica.com/…/what-we-know-about-the-xz-utils…
Some years ago, a backdoor made it into Gentoo. zdnet.com/…/linux-infection-proves-windows-malwar…