• lemmyreader@lemmy.ml
    link
    fedilink
    English
    arrow-up
    11
    arrow-down
    4
    ·
    8 months ago

    You didn’t follow the XZ-utils story ? The malicious actor worked for years on that XZ backdoor that targeted the fact that some Linux distributions were modifying their openssh package to enable systemd notifications.

    • boredsquirrel@slrpnk.net
      link
      fedilink
      arrow-up
      7
      arrow-down
      7
      ·
      8 months ago

      Ok true, it was a systemd dependent issue. But it only makes sense to have those notifications. The problem is dependency on small hardly maintained products, which systemd will improve by centralizing it.

      • Macros@feddit.de
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        8 months ago

        And where do maintainers for the new parts of systemd come from? The larger systemd grows the more parts of it will be neglected. Also in regard to people checking commits, opening up doors for exploits like the one in xz.