- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
cross-posted from: https://lemmy.ml/post/14334283
transcript
Screenshot of github showing part of the commit message of this commit with this text:
Remove the backdoor found in 5.6.0 and 5.6.1 (CVE-2024-3094). While the backdoor was inactive (and thus harmless) without inserting a small trigger code into the build system when the source package was created, it's good to remove this anyway: - The executable payloads were embedded as binary blobs in the test files. This was a blatant violation of the Debian Free Software Guidelines. - On machines that see lots bots poking at the SSH port, the backdoor noticeably increased CPU load, resulting in degraded user experience and thus overwhelmingly negative user feedback. - The maintainer who added the backdoor has disappeared. - Backdoors are bad for security. This reverts the following without making any other changes:
The sentence “This was a blatant violation of the Debian Free Software Guidelines” is highlighted.
Below the github screenshot is a frame of the 1998 film The Big Lebowski with the meme caption “What, are you a fucking park ranger now?” from the scene where that line was spoken.
To be fair proprietary software really shouldn’t be trusted