Re: about XZ backdoor

To: debian-project@lists.debian.org
Subject: Re: about XZ backdoor
From: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sun, 23 Nov 2025 20:07:39 +0000
Message-id: <[🔎] 86ms4ctsvo.fsf@simplex.rtf.org.uk>
Mail-followup-to: debian-project@lists.debian.org
References: <[🔎] CAK32FY0rYC=f+CgJjS2dKszij_cU403x9CzcaMLP+Yd--phDxw@mail.gmail.com> <[🔎] aSDhIz14lYNAw9Ge@tuxteam.de> <[🔎] 86qztou01e.fsf@simplex.rtf.org.uk> <[🔎] aSNNTUebD2xFhjZ7@tuxteam.de>

<tomas@tuxteam.de> writes:

> On Sun, Nov 23, 2025 at 05:33:01PM +0000, Richard Lewis wrote:

>> >   https://en.wikipedia.org/wiki/Xz_backdoor
>> 
>> Is there also a write-up of Debian's response and/or learning from this incident?
>
> Follow link #21 in the above reference.

well that is about fixing the specific cve, but that's not really the
same as a write-up of the overall response, which involved lots of
people doing lots of things

Reply to:

References:
- about XZ backdoor
  - From: "William Richards #SaveOurInternet" <corpseleague@gmail.com>
- Re: about XZ backdoor
  - From: <tomas@tuxteam.de>
- Re: about XZ backdoor
  - From: Richard Lewis <richard.lewis.debian@googlemail.com>
- Re: about XZ backdoor
  - From: <tomas@tuxteam.de>

Prev by Date: Re: about XZ backdoor
Previous by thread: Re: about XZ backdoor
Index(es):
- Date
- Thread