A backdoor in xz
A backdoor in xz
Posted Mar 29, 2024 22:09 UTC (Fri) by mdeslaur (subscriber, #55004)In reply to: A backdoor in xz by bluca
Parent article: A backdoor in xz
I don't think anyone would have noticed the malicious code even if he did check it into git. In fact, this was easily spotted _because_ the tarball didn't match the git repo.
Posted Mar 30, 2024 7:42 UTC (Sat)
by epa (subscriber, #39769)
[Link]
A backdoor in xz
I guess the attacker had the choice of putting the code into git, but chose to modify the tarball only, because he thought it would be less detected that way. A commit in git would certainly be more visible.