How the xz backdoor highlights a major flaw in Nix | Shade's Blog
How the xz backdoor highlights a major flaw in Nix | Shade's Blog
shadeyg56.vercel.app
How the xz backdoor highlights a major flaw in Nix | Shade's Blog
8 comments
8 comments
How the xz backdoor highlights a major flaw in Nix | Shade's Blog
How the xz backdoor highlights a major flaw in Nix | Shade's Blog
That's true, but you have to know there was a backdoor first. If someone doesn't know, and they use the latest version, they're vulnerable to attack
@starman @GarlicToast true but I don't think you can use nix and not know about the xz exploit within minutes of it being found out.
If the issue had been critical, then the branch head could be rolled back, causing everyone to downgrade
That works for leaf packages but not for core node packages. Every package depends on xz in some way; it's in the stdenv aswell as bootstrap.