
Implications of xz Backdoor

Open jmertic opened this issue 1 year ago • 4 comments

As requested by @lgritz - short discussion on the implications for our projects.

Reading materials:

jmertic, Apr 03 '24 16:04

Meeting scheduled for 4/22 - https://zoom-lfx.platform.linuxfoundation.org/meeting/92976878404?password=e38448b3-3540-4462-998b-db064f066499

jmertic, Apr 17 '24 19:04

4/22 maybe?

lgritz, Apr 17 '24 20:04

🤦 - good catch @lgritz. Fixed now

jmertic, Apr 18 '24 11:04

Meeting held 4/22 - notes at https://hackmd.io/19JjhwdVTOqyWGBxVVxiPg?both#Meeting-notes-2024-04-22

Recommended actions from the group:

  • Develop guidelines for projects for considering new maintainers and managing existing maintainers.
  • Assessment of hardware/software environments where projects don't have the resources/expertise to adequately review incoming PRs (namely Windows support, but also specialty architectures and GPUs).
  • Take Cary's list (https://wiki.aswf.io/display/OEXR/OpenEXR+Project+Security+Hardening+Steps) and build specific docs for project leads to follow to implement. Also, hold office hours for project leads to work with someone to help set it up.
  • Develop a policy for accepting binary blobs.

jmertic, Apr 23 '24 13:04