this post was submitted on 29 Mar 2024
1 points (100.0% liked)

Arch Linux

7750 readers
1 users here now

The beloved lightweight distro

founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 0 points 7 months ago (1 children)

To be fair, the backdoor only gets enabled when built as an RPM or Deb package, which doesn't apply to Arch Linux, and also requires openSSH to be linked to liblzma, which is also not the case on Arch. So from what we know so far, the Arch packages should not have had the vulnerability. The risk now is whether there are other vulnerabilities or backdoors that haven't been discovered which is why Arch made the update building directly from the git source instead of the known modified source tarball.

[โ€“] [email protected] 0 points 7 months ago

This is a Linux community, we are not here to be fair???