| ▲ | justusthane 4 days ago | ||||||||||||||||
No, they are extremely well vetted. Have you ever heard of a supply chain attack involving Red Hat, Debian or Ubuntu repos? | |||||||||||||||||
| ▲ | jonquest 4 days ago | parent [-] | ||||||||||||||||
Yes, the XZ attack affected Fedora nightly and Debian testing and unstable. Yes, it got caught before it made it into a stable distribution (this time). https://www.redhat.com/en/blog/understanding-red-hats-respon... https://lists.debian.org/debian-security-announce/2024/msg00... | |||||||||||||||||
| |||||||||||||||||