Ubuntu 24.04 Beta Delayed Due To XZ Nightmare (www.phoronix.com)
from KarnaSubarna@lemmy.ml to linux@lemmy.ml on 03 Apr 2024 18:53
https://lemmy.ml/post/14020994

#linux

KarnaSubarna@lemmy.ml on 03 Apr 2024 19:01

Further reading: discourse.ubuntu.com/t/…/43801?u=d0od

rotopenguin@infosec.pub on 03 Apr 2024 20:42

My $0.05 reading of it is that they want to hose down the build servers* and start clean, in case the attacker escaped the sandboxing there.

* (the computers that compile all of the new packages from source, not web servers that are handing out finished deb binaries to the public.)

avidamoeba@lemmy.ca on 03 Apr 2024 23:01

That would make sense if they ran servers on a non-LTS release. Do they do that?

style99@kbin.social on 03 Apr 2024 23:12

They're rebuilding all the newer builds "out of an abundance of caution." The servers themselves obviously don't run on experimental software.

rollingflower@lemmy.kde.social on 04 Apr 2024 08:44

This.

rollingflower@lemmy.kde.social on 04 Apr 2024 08:45

They don't run experimental software on their build servers.

DieserTypMatthias@lemmy.ml on 04 Apr 2024 09:43

Just don’t package it. And if you have to, sandbox it in Firejail or in Bubblewrap.