• pbsds@lemmy.ml
    8 months ago

    If the issue had been critical, then the branch head could be rolled back, causing everyone to downgrade.

    • Atemu@lemmy.ml
      7 months ago

      That’s a nice idea in theory but not possible in practice as the last Nixpkgs revision without a tainted version of xz is many months old. You’d trade one CVE for dozens of others.