this post was submitted on 31 Mar 2024

587 points (97.6% liked)

Open Source

31258 readers

198 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago

MODERATORS

kevincox@lemmy.ml

CrypticCoffee@lemmy.ml

Lettuceeatlettuce@lemmy.ml

587

“the lesson I'm choosing to take from xz, as an oss maintainer, is that anyone trying to pressure or guilt me into doing something should immediately be told no, for security reasons” (crabby.fyi)

submitted 7 months ago by davel@lemmy.ml to c/opensource@lemmy.ml

61 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] tomalley8342@lemmy.world 24 points 7 months ago (1 children)

The compile process was modified to decrypt and unpack the "corrupted" test zip file, which was actually a code patch, and apply said code patch before assembly of the final binaries.

[–] KillingTimeItself@lemmy.dbzer0.com 1 points 7 months ago

hmm ok. Yeah idk, even from an organization aspect, i still wouldn't consider that to be ok. Test files that patch code on the fly is a recipe for a nightmare of maintenance. Which i suppose is the idea here considering that it's malicious code lol.