davel [he/him]@lemmy.ml to Open Source@lemmy.ml · 6 months ago“the lesson I'm choosing to take from xz, as an oss maintainer, is that anyone trying to pressure or guilt me into doing something should immediately be told no, for security reasons”crabby.fyiexternal-linkmessage-square56fedilinkarrow-up1577arrow-down115
arrow-up1562arrow-down1external-link“the lesson I'm choosing to take from xz, as an oss maintainer, is that anyone trying to pressure or guilt me into doing something should immediately be told no, for security reasons”crabby.fyidavel [he/him]@lemmy.ml to Open Source@lemmy.ml · 6 months agomessage-square56fedilink
minus-squareReversalHatchery@beehaw.orglinkfedilinkEnglisharrow-up20·6 months agoThey were not shipped to the client. They were shipped to the build system, executed there after deobfuscation, and they inserted an additional, opaque program file into the build process.
minus-squareKillingTimeItself@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up1·6 months agothat much i picked up on, though i didn’t make it very clear. I did mention that alternative though.
They were not shipped to the client. They were shipped to the build system, executed there after deobfuscation, and they inserted an additional, opaque program file into the build process.
that much i picked up on, though i didn’t make it very clear. I did mention that alternative though.