this post was submitted on 11 Apr 2024
484 points (96.0% liked)

Programmer Humor

32472 readers
874 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
 

transcriptScreenshot of github showing part of the commit message of this commit with this text:

Remove the backdoor found in 5.6.0 and 5.6.1 (CVE-2024-3094).

While the backdoor was inactive (and thus harmless) without inserting
a small trigger code into the build system when the source package was
created, it's good to remove this anyway:

  - The executable payloads were embedded as binary blobs in
    the test files. This was a blatant violation of the
    Debian Free Software Guidelines.

  - On machines that see lots bots poking at the SSH port, the backdoor
    noticeably increased CPU load, resulting in degraded user experience
    and thus overwhelmingly negative user feedback.

  - The maintainer who added the backdoor has disappeared.

  - Backdoors are bad for security.

This reverts the following without making any other changes:

The sentence "This was a blatant violation of the Debian Free Software Guidelines" is highlighted.

Below the github screenshot is a frame of the 1998 film The Big Lebowski with the meme caption "What, are you a fucking park ranger now?" from the scene where that line was spoken.

you are viewing a single comment's thread
view the rest of the comments
[–] xantoxis@lemmy.world 6 points 7 months ago (2 children)

Well, I think they should revoke that guy's PGP key

[–] computergeek125@lemmy.world 2 points 7 months ago (1 children)

Isn't the point of PGP/GPG that there's no central database?

[–] Bene7rddso@feddit.de 2 points 7 months ago

Yes, he will always be able to prove that's it's him. But if they revoke the permissions of that key he can't do any more damage