Lol we can be smug until someone sneaks a backdoor into nixpkgs for a while. For user envs updating the system doesnt mean the compromise is gone, although checking would be super easy.
this post was submitted on 29 Mar 2024
122 points (97.7% liked)
linuxmemes
20484 readers
947 users here now
I use Arch btw
Sister communities:
- LemmyMemes: Memes
- LemmyShitpost: Anything and everything goes.
- RISA: Star Trek memes and shitposts
Community rules
- Follow the site-wide rules and code of conduct
- Be civil
- Post Linux-related content
- No recent reposts
Please report posts and comments that break these rules!
founded 1 year ago
MODERATORS
I wouldn't be so sure it doesn't affect NixOS^[1].
I am not a security researcher, nor a reverse engineer. There's lots of stuff I have not analyzed and most of what I observed is purely from observation rather than exhaustively analyzing the backdoor code.
Also, it may take 10 days to downgrade the package^[2].
Yea, but the move to verify the path seemed somewhat funny at the time. As for the second part - it's a shame, but expected: they need to re-compile like everything. So, I just decided to wait since all my machines are ssh-ible from VPN only