socalgal2 4 days ago

I'll bet they don't. There's way too much churn for it all to be checked.

const_cast 4 days ago | parent | next [-]

Churn? On Debian?

It takes like 2 years to get up to date packages. This isn't NPM.

SchemaLoad 3 days ago | parent [-]

The xscreensaver dev managed to very easily slip a timebomb into the Debian repos. It wasn't obscured in any way; the repo maintainers just don't review the code. It would be physically impossible for them to review all the changes in all the programs.

justusthane 4 days ago | parent | prev [-]

No, they are extremely well vetted. Have you ever heard of a supply chain attack involving Red Hat, Debian or Ubuntu repos?

jonquest 4 days ago | parent [-]

Yes, the XZ attack affected Fedora nightly and Debian testing and unstable. Yes, it got caught before it made it into a stable distribution (this time).

https://www.redhat.com/en/blog/understanding-red-hats-respon...

https://lists.debian.org/debian-security-announce/2024/msg00...

goodpoint 3 days ago | parent [-]

So the attack was successfully stopped and you complain about it?

jonquest 3 days ago | parent [-]

I’m not complaining, I’m pointing out facts. If the facts offend you, that’s your problem. Ignore them if you wish.