Re: about XZ backdoor

To: debian-project@lists.debian.org
Subject: Re: about XZ backdoor
From: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sun, 23 Nov 2025 17:33:01 +0000
Message-id: <[🔎] 86qztou01e.fsf@simplex.rtf.org.uk>
Mail-followup-to: debian-project@lists.debian.org
References: <[🔎] CAK32FY0rYC=f+CgJjS2dKszij_cU403x9CzcaMLP+Yd--phDxw@mail.gmail.com> <[🔎] aSDhIz14lYNAw9Ge@tuxteam.de>

<tomas@tuxteam.de> writes:

> On Fri, Nov 21, 2025 at 11:22:15AM +0000, William Richards #SaveOurInternet wrote:
>> Would the backdoor have affected any Debian Linux web servers or cloud
>> environments?
>> Also how bad is the actual backdoor? Does the backdoor activate on your
>> system while you’re writing it to be a part of the binary of another
>> program? Also with targeting x86-64 does it just mean Linux computers that
>> use x86-64?
>> 
>> - 1 million top web servers use Linux
>> - Linux powers most of Global Cloud Environment
>> - 500 supercomputers use Linux
>> - Android is based off Linux
>
> Actually, if you do you homework, you can find out for yourself. Start
> here:
>
>   https://en.wikipedia.org/wiki/Xz_backdoor

Is there also a write-up of Debian's response and/or learning from this incident?

Reply to:

Follow-Ups:
- Re: about XZ backdoor
  - From: <tomas@tuxteam.de>

References:
- about XZ backdoor
  - From: "William Richards #SaveOurInternet" <corpseleague@gmail.com>
- Re: about XZ backdoor
  - From: <tomas@tuxteam.de>

Prev by Date: Re: about XZ backdoor
Next by Date: Re: about XZ backdoor
Previous by thread: Re: about XZ backdoor
Next by thread: Re: about XZ backdoor
Index(es):
- Date
- Thread