[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GNU Coding Standards, automake, and the recent xz-utils backdoor
|
From: |
Richard Stallman |
|
Subject: |
Re: GNU Coding Standards, automake, and the recent xz-utils backdoor |
|
Date: |
Thu, 04 Apr 2024 18:43:39 -0400 |
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> I would like to clarify that my purpose in starting this thread wasn't
> so much to ask, "How could the xz backdoor specifically have been
> prevented?" (which seems pretty clearly impossible) but rather, "How
> can we use this incident as inspiration for general-purpose
> improvements to the GNU Coding Standards and related tools?" In other
> words, even if a proposal wouldn't have stopped this particular
> attack, I don't think that's a reason not to try it.
I agree -- you are posing the important question.
However, people have proposed ideas here that (it seems)
could have made the XZ crack harder to do, or increased
the likelihood of spotting it. For instance, checking m4
files against standard sources. and maybe some others.
So let's not discard completely the idea of preventing
the XZ crack.
--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, (continued)
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Russ Allbery, 2024/04/02
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Eric Gallager, 2024/04/02
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Jacob Bachmeyer, 2024/04/02
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Bruno Haible, 2024/04/02
- Re: checking aclocal m4 files (was: GNU Coding Standards, automake, and the recent xz-utils backdoor), Jacob Bachmeyer, 2024/04/02
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Richard Stallman, 2024/04/04
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Bruno Haible, 2024/04/04
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Sam James, 2024/04/05
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Richard Stallman, 2024/04/08
- Re: detecting modified m4 files (was: GNU Coding Standards, automake, and the recent xz-utils backdoor), Jacob Bachmeyer, 2024/04/07
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor,
Richard Stallman <=
Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Jacob Bachmeyer, 2024/04/02
Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Richard Stallman, 2024/04/01
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Jacob Bachmeyer, 2024/04/02
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Richard Stallman, 2024/04/04
- Re: GCC reporting piped input as a security feature (was: GNU Coding Standards, automake, and the recent xz-utils backdoor), Jacob Bachmeyer, 2024/04/06
- Re: GCC reporting piped input as a security feature (was: GNU Coding Standards, automake, and the recent xz-utils backdoor), Richard Stallman, 2024/04/08
- Re: GCC reporting piped input as a security feature, Jacob Bachmeyer, 2024/04/08
- Re: GCC reporting piped input as a security feature, Jan Engelhardt, 2024/04/09
- Re: GCC reporting piped input as a security feature, Jacob Bachmeyer, 2024/04/09
- Re: GCC reporting piped input as a security feature, Zack Weinberg, 2024/04/11