Building from git, or the github automatic tarball would have. The larger issue ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		zamalek on March 30, 2024 \| parent \| context \| favorite \| on: Backdoor in upstream xz/liblzma leading to SSH ser... Building from git, or the github automatic tarball would have. The larger issue here is authenticating tarballs against the source.

account42 on April 5, 2024 [–]

There is no reason to believe the exploit would have been spotted earlier had the attacker included the final part in git.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact