Replies: 2 comments
-
Well, as far as things are currently known, only the backdoored releases are problematic. The stable Linux dists usually did not already include these versions and the unstable/rolling release dists reverted to safe versions. For borg, the situation is like this:
Considering trust in liblzma in general: borg could not just remove lzma compression, because that would render all lzma compressed repos unusable. The only point in time we could do that is when migrating from borg1 to borg2 where we could recompress stuff to something non-lzma. |
Beta Was this translation helpful? Give feedback.
-
Thanks very much for the clarification. |
Beta Was this translation helpful? Give feedback.
-
I'm guessing the answer is yes but best to check: is it still safe to use lzma compression given the recent xz Utils scare - https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/
Beta Was this translation helpful? Give feedback.
All reactions