Royce Williams on Nostr: Reflecting on how the xz backdoor was uncovered because ssh was slow ... How long ...
Reflecting on how the xz backdoor was uncovered because ssh was slow ...
How long would it have taken the ecosystem to notice an *aggregate* slowdown in SSH on eligible systems?
How do/can distros manage *end-to-end* testing - to compare performance/behavior to a baseline?
How can we automate additional anomaly detection (commits that contain obfuscation, graph of expected and unexpected component/package interaction, etc.)?
#xz #cve20243094