What is Nostr?
Jakub Jirutka /
npub19rm…j2cd
2024-04-01 17:29:21

Jakub Jirutka on Nostr: If #xz were a Go or Rust dependency, you wouldn’t have a single copy of xz library ...

If #xz were a Go or Rust dependency, you wouldn’t have a single copy of xz library on your system, but many, #xzbackdoor hidden in every executable that uses it. Distros would have to rebuild all packages using that lib (not just the lib itself), which could take days or weeks, and users would have to update them all, downloading tens or hundreds of megabytes.

If you install binaries directly from vendors/devs, it’s even worse – you wouldn’t even know which ones are affected and you’d (1/3)
Author Public Key
npub19rmlx5qk3z43tt5guldaj903c8j47zgxhulq0vnntzrxt9g3gr6s9ej2cd