  • #61
    Originally posted by sophisticles

    To address a few things:

    "nation-state actors work back-doors into closed-source projects"

    This is disingenuous because the U.S. has export control laws that have been on the books for decades ...
    The United States also has laws against tampering with computer systems without authorization. And yet, someone attempted to insert a conduit for exactly that purpose into liblzma via xz-utils.

    It is unconscionably naive to think that the presence of law has any bearing on the actions of nation-states engaged in sabotage and espionage. And, even if it did, it would be ridiculous to think that countries - who routinely embed intelligence assets within each other using plans on five to ten year time scales - wouldn't be doing the same to major corporations.

    Originally posted by sophisticles

    "Some guy, who isn't an XZ maintainer"

    He was a Microsoft employee, you know working for that "evil" company that sells proprietary, closed source software.
    I never said that Microsoft was evil. I certainly think it is a waste, and generally results in a product which is at its heart inferior in terms of the overall quality-per-dollar.

    As for Andres Freund? It is true that he is a Microsoft employee. And that his work had little to do with xz-utils in a direct, professional capacity. He stumbled upon this backdoor mostly through a combination of being in the right place at the right time and intuitive experience which probably deserves some kind of medal. He investigated on his own initiative as a result of personal curiosity. His discovery of this backdoor is only tangential at best to his employment at Microsoft.