Originally posted by EphemeralEft
View Post
Announcement
Collapse
No announcement yet.
GitHub Disables The XZ Repository Following Today's Malicious Disclosure
Collapse
X
-
- Likes 24
-
Originally posted by caligula
True. Finland recently joined NATO. So I would say they're on our side. This Chinese guy sounds like he's Winnie the Pooh's minion. Maybe trying their best to help Vladimir win his war of genocide in Ukraine. Backdoor in western servers would greatly help now that their hypersonic weapons seem like pieces of crap.
- Likes 1
Comment
-
The repo was disabled because it's now a matter national security. NSA/CIA/FBI have full access though because they need to trace every IP and every interaction.
Had this not been discovered and quite serendipitously so, the hackers behind this attack could have compromised RHEL, Ubuntu, SLES and oh boy this is some extremely serious stuff.
- Likes 5
Comment
-
This has nothing to do with LZMA, it's just an issue with XZ. No point in abandoning LZMA in favour of zstd (which is very nice, but usually offers worse compression ratio).
There are alternatives, like lzip, which is direct competitor to xz, readily available in most repositories.
Funnily enough, its author claimed long ago that it is a better and safer solution.
Personally, I've switched to excellent lrzip (by Con Kolivas) years ago, it is faster and usually offers better compression ratio than ordinary LZMA compressor.Last edited by sobrus; 30 March 2024, 02:51 AM.
- Likes 9
Comment
-
Oh that's adorable GitHub continues their "we know better than you" campaign and shuts down repos before they can cause any of their investors harm.
I'm so glad I moved off of that site. I really don't trust anyone who still hosts there.
- Likes 10
Comment
-
Originally posted by Ironmask View PostOh that's adorable GitHub continues their "we know better than you" campaign and shuts down repos before they can cause any of their investors harm.
I'm so glad I moved off of that site. I really don't trust anyone who still hosts there.
- Likes 9
Comment
-
Originally posted by CommunityMember View Post
Moving to zstd as the new standard compression choice may be a good plan, but the reality is that there exists many existing (and there will be newly created by existing workflows) files in xz/lzma such that xz will need to be supported for quite some time (essentially forever).
- Likes 2
Comment
-
according to https://www.redhat.com/en/blog/urgen...-rawhide-users the problem is a M4 macro, used by autotools. So why not just remove the autotools build system ? Cmake build system is already usable for xz.
- Likes 4
Comment
-
Originally posted by Ironmask View PostOh that's adorable GitHub continues their "we know better than you" campaign and shuts down repos before they can cause any of their investors harm.
I'm so glad I moved off of that site. I really don't trust anyone who still hosts there.
- Likes 5
Comment
Comment