zlacker

[parent] [thread] 2 comments
1. fsflov+(OP)[view] [source] 2025-09-16 13:51:42
> npm packages

This has nothing to do with what I said. npm is not a trusted or a FLOSS repository.

> we don't live in fairyland

When did you see a malware in Debian's repositories last time?

replies(1): >>jovial+t63
2. jovial+t63[view] [source] 2025-09-17 10:59:41
>>fsflov+(OP)
https://en.wikipedia.org/wiki/XZ_Utils_backdoor
replies(1): >>fsflov+RI3
◧◩
3. fsflov+RI3[view] [source] [discussion] 2025-09-17 14:54:07
>>jovial+t63
It never came to Debian and was a work of a tremendous effort. This almost never happens, and when it does, practically nothing can protect you.
[go to top]