The #xz vulnerability really has me feeling good about not living on the bleeding edge. I'm sure there's still some risk of a terrible backdoor somewhere in Debian or Ubuntu that hasn't been found yet, but at least there's a much higher chance of someone catching it before it bites me.
Only thing of mine that was affected was my Termux installations on my Android devices, something I never use for SSH anyway.
@Alex I work in tech, and for that reason I often hold off updating to the latest and greatest until enough time has passed to have early adopters run into whatever bugs or issues are introduced. 😂
It saved me a lot of work and frustration a few times already.
@n3wjack Agreed. I have been playing with Plasma 6 in a VM and can't wait to make it my daily driver, but I just can't trust it yet. Too much new stuff.
I am happy to test, but not at the expense of my real-world productivity or security.
@Alex If I understand the vulnerability correctly, the Android case would only have mattered if you'd had an SSH *server* on the phone.
@aaribaud That's right. Pretty much a non-issue for what I use Termux for.
@Alex weird post. Some minor observations:
- not-bleeding edge won't protect from backdoors (often to the contrary)
- it's not about Debian (actually, Debian have found it for everyone) or Ubuntu
- probability of catching inversely correlates to its age
- you may never know what's wrong until someone figures it out. For what we know your system can be full of backdoored stuff. 😁
Otherwise yes, it's lucky that it's been found out so fast, I can't even tell HOW lucky really.