XZ Struck By Malicious Code That Could Allow Unauthorized Remote System Access


  • Originally posted by lateo View Post

    Well. Yes and no.



    TLDR; my understanding is that rawhide is already split from 40.

    But in any case, you're right, there's no such thing as F41 atm.
    You appear to be posting a correction but you are in fact 100% agreeing with me. I already noted that Fedora 40 has an update (it appears the package maintainer made some changes that accidentally broke the exploit but it would be wise to update anyway) and that there is no separate Fedora 41 update. I am not sure what confused you there.

    Comment


    • Originally posted by spicfoo View Post

      You appear to be posting a correction but you are in fact 100% agreeing with me. I already noted that Fedora 40 has an update (it appears the package maintainer made some changes that accidentally broke the exploit but it would be wise to update anyway) and that there is no separate Fedora 41 update. I am not sure what confused you there.
      Precision added so that agreement can be reached.
      41 doesn't exist, yet its shadow is there in rawhide.
      Don't take offence, you can count on me nitpicking

      Comment


      • I find it a bit ironic that this was discovered by Microsoft. The fact is, this was a malicious and intentional backdoor, and it sailed past all the vaunted Linux bureaucracy and its many eyes.

        This is an organizational issue. This was accomplished by social engineering, by another oss team that were bad actors. And now I'm supposed to continue trusting open source? And not trust Microsoft? Right.

        This definitely informs me that my recent decision to stop using linux (after 15 years) was the correct one.


        Comment


        • Originally posted by mSparks View Post

          yeah, being able to hire your own developers working on the entire product lifecycle gives you waaaay less control of the product lifecycle than relying on what bill gates wrote 30 years ago.

          ROFL.
          Linux, too, was written 30 years ago based on an architecture from 60 years ago. In addition, it was done by a student. It must be safe and thoughtful LOL .

          Comment


          • Originally posted by F.Ultra View Post

            That's news to me, we hire several Linux developers (and I'm one of them) and none of us have any prior macOS experience.
            All my life I have not met a professional linux developer (only hobbyists).

            But I know that there is a company nearby where they develop embedded systems based on linux so I know where to meet them besides the forum .

            Comment


            • Originally posted by lateo View Post

              When you know the history of the product and the current US laws, why wouldn't you be wary of it especially if you're not a US citizen/corp/gov ?
              When you know that linux dev were put under pressure to look somewhere else and let some shitty stuff go into the kernel, why wouldn't you assume that a billion-dollar company wouldn't be subject to such pressures ?

              Your points are somewhat valid, but man... I don't do unicorns.
              Somewhat valid? And no examples again? Thanks for confirming the last sentence for the Nth time.

              In the meantime I don't understand why the "Windows is full of backdoors" mythology is so close to Linux fans. I guess with the amount of time you've wasted tinkering with Linux to get it to work, you need some internal justification. That'll work, right. Just try to be I don't know be honest with yourself, will you? I guess not.

              Comment


              • Originally posted by avis View Post

                By the same token you can make an argument that Google/Apple/MS distribute malware via their App Stores. No, that's not what I meant and if I didn't make myself clear at first, I'll make it clear now: I only meant software which is developed, distributed publicly and signed by these three companies.

                "Distributed publicly" is also quite important. I can imagine all three companies have security researchers/engineers who have written exploits/malware/viruses just for fun and for testing purposes.



                Here's the full story: https://grahamcluley.com/microsoft-stab-macro-viruses/ https://www.cnet.com/deals/the-88-be...ill-remaining/

                Not really malware, more like a stupid joke perhaps from someone who was heavily reprimanded. I'm still thankful you've unearthed it as I never knew about it. It was back from the time when the Internet wasn't yet a thing.

                Here we are talking about a freaking backdoor to access a system remotely.
                Then you should have said so in the first place instead of moving goalposts and generally acting like a troll.

                Comment


                • Originally posted by spicfoo View Post
                  You appear to be posting a correction but you are in fact 100% agreeing with me. I already noted that Fedora 40 has an update (it appears the package maintainer made some changes that accidentally broke the exploit but it would be wise to update anyway) and that there is no separate Fedora 41 update. I am not sure what confused you there.
                  looks like the key maintainers and developers of debian and fedora were informed in a sting operation and they did make sure the xz exploit does not land in a functional state.


                  Phantom circuit Sequence Reducer Dyslexia

                  Comment


                  • Originally posted by darkoverlordofdata View Post
                    I find it a bit ironic that this was discovered by Microsoft. The fact is, this was a malicious and intentional backdoor, and it sailed past all the vaunted Linux bureaucracy and its many eyes.
                    This is an organizational issue. This was accomplished by social engineering, by another oss team that were bad actors. And now I'm supposed to continue trusting open source? And not trust Microsoft? Right.
                    This definitely informs me that my recent decision to stop using linux (after 15 years) was the correct one.
                    yet another sock puppet of avis/birdie/sophisticles ?

                    it was not discovered by microsoft, it was discovered by a person who also works for microsoft. that's a big difference, he does not represent microsoft.

                    "it sailed past all the vaunted Linux bureaucracy and its many eyes."

                    that's wrong, it did not reach any stable or release of any major linux distro like ubuntu or fedora or debian... the only people who really were hit were the rolling release distros

                    but it's not news that rolling release distros are really dangerous.

                    "This definitely informs me that my recent decision to stop using linux (after 15 years) was the correct one"



                    your psychological operation will not work here
                    Phantom circuit Sequence Reducer Dyslexia

                    Comment


                    • Originally posted by HEL88 View Post
                      All my life I have not met a professional linux developer (only hobbyists).
                      But I know that there is a company nearby where they develop embedded systems based on linux so I know where to meet them besides the forum .
                      first you claim you have never met a professional linux developer then you say the professional linux developers are nearby ...

                      well...
                      Phantom circuit Sequence Reducer Dyslexia

                      Comment
