Comment by justusthane

3 months ago

No, they are extremely well vetted. Have you ever heard of a supply chain attack involving Red Hat, Debian or Ubuntu repos?

Yes, the XZ attack affected Fedora nightly and Debian testing and unstable. Yes, it got caught before it made it into a stable distribution (this time).

https://www.redhat.com/en/blog/understanding-red-hats-respon...

https://lists.debian.org/debian-security-announce/2024/msg00...

  • So the attack was successfully stopped and you complain about it?

    • I’m not complaining, I’m pointing out facts. If the facts offend you, that’s your problem. Ignore them if you wish.