Re: GNU Coding Standards, automake, and the recent xz-utils backdoor

bug-standards

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GNU Coding Standards, automake, and the recent xz-utils backdoor

From:	Jose E. Marchesi
Subject:	Re: GNU Coding Standards, automake, and the recent xz-utils backdoor
Date:	Sun, 31 Mar 2024 17:34:10 +0200
User-agent:	Gnus/5.13 (Gnus v5.13)

> [...]
>> I agree that distcheck is good but not a cure all.  Any static
>> system can be attacked when there is motive, and unit tests are
>> easily gamed.
>
> The issue seems to be releases containing binary data for unit tests,
> instead of source or scripts to generate that data.  In this case,
> that binary data was used to smuggle in heavily obfuscated object
> code.

As a side note, GNU poke (https://jemarch.net/poke) is good for
generating arbitrarily complex binary data from clear textual
descriptions.

[Prev in Thread]

Current Thread

[Next in Thread]

GNU Coding Standards, automake, and the recent xz-utils backdoor, Eric Gallager, 2024/03/30
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Karl Berry, 2024/03/30
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Bruno Haible, 2024/03/30
  - Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Eric Gallager, 2024/03/30
    - Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Bruno Haible, 2024/03/30
    - Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, dherring, 2024/03/30
    - Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Jacob Bachmeyer, 2024/03/31
    - Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Jose E. Marchesi <=
    - Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Jacob Bachmeyer, 2024/03/31
    - Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Eric Gallager, 2024/03/31
    - Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Tomas Volf, 2024/03/31
    - Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Russ Allbery, 2024/03/31
    - Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Eric Gallager, 2024/03/31
    - Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Peter Johansson, 2024/03/31
    - Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Jacob Bachmeyer, 2024/03/31
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Alexandre Oliva, 2024/03/30
  - Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Bob Friesenhahn, 2024/03/31
    - Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Bruno Haible, 2024/03/31

Prev by Date: Re: GNU Coding Standards, automake, and the recent xz-utils backdoor
Next by Date: Re: GNU Coding Standards, automake, and the recent xz-utils backdoor
Previous by thread: Re: GNU Coding Standards, automake, and the recent xz-utils backdoor
Next by thread: Re: GNU Coding Standards, automake, and the recent xz-utils backdoor
Index(es):
- Date
- Thread