• banazir@lemmy.ml · 12 points · 6 months ago

    Well yeah, the recent xz vulnerability was not present in the source code at all. Any amount of code reading would not have caught that one.

    • Successful_Try543@feddit.de · 3 points · 6 months ago

      Wasn’t the problem that the backdoor was not present in the source code on GitHub, but was in the source tarball? So as long as one reads the code that one actually builds from, it should be fine.

      • SuperIce@lemmy.world · 6 points · 6 months ago

        A line of code that enables the backdoor was only present in the tarball. The actual code was obfuscated within an archive used for the unit tests.
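The check the thread is circling around, as an added example that is not code from the thread or from the xz project: compare a release tarball against an archive of the tagged VCS tree and list files that exist only in the tarball or whose contents differ. The two trees below are constructed placeholder data, not real xz contents; in practice the VCS side would come from `git archive <tag>` and the release side from the published tarball.

```python
import hashlib
import io
import tarfile

# Constructed sample trees (hypothetical contents). GIT_TREE stands in for
# `git archive <tag>`; RELEASE_TARBALL for the published source tarball, which
# carries one generated file and one file that differs from the tagged tree.
GIT_TREE = {
    "configure.ac": b"AC_INIT([demo], [1.0])\n",
    "m4/build-to-host.m4": b"# upstream macro\n",
    "tests/files/good-1.xz": b"\xfd7zXZ\x00",
}
RELEASE_TARBALL = dict(GIT_TREE)
RELEASE_TARBALL["m4/build-to-host.m4"] = b"# upstream macro\n# line present only in the tarball\n"
RELEASE_TARBALL["configure"] = b"#!/bin/sh\n# generated by autoconf\n"


def build_tar(files):
    """Pack a {path: bytes} mapping into an in-memory .tar.gz."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in sorted(files.items()):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def digest_tar(blob):
    """Return {path: sha256 hex} for every regular file in a tar archive."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:
        for member in tar.getmembers():
            if member.isfile():
                data = tar.extractfile(member).read()
                out[member.name] = hashlib.sha256(data).hexdigest()
    return out


def compare(vcs_blob, release_blob):
    """Classify differences between the tagged tree and the release tarball.

    Every path in only_in_release or modified needs a human review: it is
    content that reading the repository would never have shown."""
    vcs, rel = digest_tar(vcs_blob), digest_tar(release_blob)
    common = vcs.keys() & rel.keys()
    return {
        "only_in_release": sorted(rel.keys() - vcs.keys()),
        "only_in_vcs": sorted(vcs.keys() - rel.keys()),
        "modified": sorted(n for n in common if vcs[n] != rel[n]),
    }
```

Generated files such as `configure` are expected in autotools tarballs, so the useful signal is the `modified` list plus any `only_in_release` entry that is not a known build artifact.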