by Hackbraten
810 days ago

> Not even OpenSSH maintainers noticed this, which points to a failure in their processes as well, to a lesser degree.

The OpenSSH project has nothing to do with xz. The transitive dependency on liblzma was introduced by a patch written by a third party. [1] You can't hold OpenSSH project members accountable for something like this.

[1]: https://bugs.debian.org/778913

This is a tragedy of the commons, and we can't place blame on a single project besides xz itself, yet we can all share part of the blame to collectively do better in the future.