Ariadne Conill 🐰 on Nostr: it should be noted that arch linux's reproducible source tarballs project actually ...
Published at
2024-04-01 18:02:34Event JSON
{
"id": "0c7c66a4fd3f42e00830c6e83025c56d1d3e00a5f6e30cd662e25d57138f02c9",
"pubkey": "f9b044092bad1eee0851b5ca647993daa898375a3b910cbf918d47aa4cfc292d",
"created_at": 1711994554,
"kind": 1,
"tags": [
[
"t",
"xzbackdoor"
],
[
"proxy",
"https://social.treehouse.systems/users/ariadne/statuses/112197275145464098",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://social.treehouse.systems/users/ariadne/statuses/112197275145464098",
"pink.momostr"
]
],
"content": "it should be noted that arch linux's reproducible source tarballs project actually caught the #xzbackdoor when they went and looked at it: https://gitlab.archlinux.org/archlinux/packaging/packages/xz/-/commit/881385757\n\nwhile not perfect, this is a practical defense against backdoored source tarball releases.",
"sig": "bc2a75760068d69e0503fe93a21071b43742d6e54e10ee45bc6971ca9da7a7a641a7576d1550427588ba7af58ecf92f67c772d1ca6ecf525c294b2992ae4c213"
}
