123

submitted 5 months ago by fl42v@lemmy.ml to c/linuxmemes@lemmy.world

3 comments fedilink hide all child comments

top 3 comments

sorted by: hot top controversial new old

[-] mvirts@lemmy.world 36 points 5 months ago

Lol we can be smug until someone sneaks a backdoor into nixpkgs for a while. For user envs updating the system doesnt mean the compromise is gone, although checking would be super easy.

[-] unhinge@programming.dev 3 points 5 months ago

I wouldn't be so sure it doesn't affect NixOS^[1].

I am not a security researcher, nor a reverse engineer. There's lots of stuff I have not analyzed and most of what I observed is purely from observation rather than exhaustively analyzing the backdoor code.

Also, it may take 10 days to downgrade the package^[2].

[-] fl42v@lemmy.ml 1 points 5 months ago

Yea, but the move to verify the path seemed somewhat funny at the time. As for the second part - it's a shame, but expected: they need to re-compile like everything. So, I just decided to wait since all my machines are ssh-ible from VPN only

this post was submitted on 29 Mar 2024

123 points (97.7% liked)

linuxmemes

20707 readers

1449 users here now

I use Arch btw

Sister communities:

LemmyMemes: Memes
LemmyShitpost: Anything and everything goes.
RISA: Star Trek memes and shitposts

Community rules

Follow the site-wide rules and code of conduct
Be civil
Post Linux-related content
No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago

MODERATORS

poopsmith@lemmy.world

zephyr@lemmy.world