Announcement

**emansom** · 29 March 2024, 10:38 PM

Good call to not trust any code of the developer and/or xz itself until further investigation. Bad call to disable all access, it was a central point to discuss. Welp, guess there's Hacker News still.

**mirmirmir** · 29 March 2024, 10:45 PM

Usual devious aah CIA tomfoolery or Facebook tomfoolery? I can't decide

**Barley9432** · 29 March 2024, 10:59 PM

Originally posted by emansom View Post

Good call to not trust any code of the developer and/or xz itself until further investigation. Bad call to disable all access, it was a central point to discuss. Welp, guess there's Hacker News still.

Central point to discuss what? All I saw there was speculation or nonsense.

**roviq** · 29 March 2024, 11:04 PM

Hmm, I really like Zstd for things like filesystem/stream/on-the-fly compression (I use it with btrfs and zfs), but XZ, 7zip, and related LZMA-family really does a great work squeezing bytes, and very useful for long term archival and other scenarios.

Apropos, I remember this post from the lzip maintainers about xz: https://www.nongnu.org/lzip/xz_inadequate.html

**gbcox** · 29 March 2024, 11:36 PM

Yeah, I've already started changing my scripts away from xz. Anyway, the way this whole thing has unfolded is just bizarre. Too many Manchurian Candidate vibes for me. At this point I don't see a compelling reason to stick with xz since there are a number of excellent alternatives.

**curfew** · 29 March 2024, 11:39 PM

Originally posted by emansom View Post

Good call to not trust any code of the developer and/or xz itself until further investigation. Bad call to disable all access, it was a central point to discuss. Welp, guess there's Hacker News still.

They violated GitHub terms of service, end of story.

**Chugworth** · 29 March 2024, 11:39 PM

Until now I wasn't too familiar with XZ. I would think that most system tasks involving compression should just move to Zstd, and if you want to use LZMA for archival then just use 7zip. Personally I've always preferred RAR over 7zip, but these days I don't really use either for archival. The built-in compression and error correction in ZFS is adequate for me, and gives direct access to the file itself. Snapshots allow me to confirm whether or not there have been any changes to the file. For datasets intended for archival, I crank the compression level up to 19. That does make it slower and use more CPU, but that doesn't really matter if I rarely access that dataset.

**CommunityMember** · 29 March 2024, 11:43 PM

Originally posted by roviq View Post

Hmm, I really like Zstd for things like filesystem/stream/on-the-fly compression (I use it with btrfs and zfs), but XZ, 7zip, and related LZMA-family really does a great work squeezing bytes, and very useful for long term archival and other scenarios.

Moving to zstd as the new standard compression choice may be a good plan, but the reality is that there exists many existing (and there will be newly created by existing workflows) files in xz/lzma such that xz will need to be supported for quite some time (essentially forever).

**cend** · 29 March 2024, 11:43 PM

A mirror is still active for anyone to audit:

git.tukaani.org - xz.git/tree

https://git.tukaani.org/?p=xz.git;a=tree

Announcement

GitHub Disables The XZ Repository Following Today's Malicious Disclosure

GitHub Disables The XZ Repository Following Today's Malicious Disclosure

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment