
The changes to build-to-host.m4 weren't in the source repo, so there was no commit.

The attacker had permissions to create GitHub releases, so they simply added it to the GitHub release tarball.



How would this have made it into Debian? Part of the Debian build is to pull down a release tarball (and then build from source) and not `git clone` a repo at a specific tag and build from source?
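The gap discussed in this thread, a file present in the release tarball but absent from the tagged source tree, can be checked mechanically. The following is an added example, not code from either commenter or from any project mentioned: it compares a release tarball against the output of `git archive` for the same tag, both supplied as bytes. The archive names, file contents and helper names are constructed for illustration. Autotools release tarballs normally carry generated files that are not in git, so each reported extra is something to account for, not proof of tampering.

```python
import hashlib
import io
import tarfile


def file_digests(tar_bytes):
    """Map each regular file's path (top-level dir stripped) to its SHA-256."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for member in tar:
            if not member.isfile():
                continue
            # Release tarballs and `git archive --prefix` both wrap files in a
            # top-level directory whose name may differ; compare below it.
            path = member.name.split("/", 1)[-1]
            out[path] = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
    return out


def compare_release_to_tag(release_tar, git_archive_tar):
    """Return (only_in_release, modified, only_in_git) as sorted path lists."""
    rel, src = file_digests(release_tar), file_digests(git_archive_tar)
    only_in_release = sorted(set(rel) - set(src))
    only_in_git = sorted(set(src) - set(rel))
    modified = sorted(p for p in set(rel) & set(src) if rel[p] != src[p])
    return only_in_release, modified, only_in_git


def make_tar(prefix, files):
    """Build an in-memory .tar.gz from {path: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(f"{prefix}/{path}")
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample: the release carries an m4 file the tagged tree lacks.
GIT_TREE = {"configure.ac": b"AC_INIT\n", "src/main.c": b"int main(void){return 0;}\n"}
RELEASE = dict(GIT_TREE, **{"m4/build-to-host.m4": b"dnl placeholder contents\n"})
SAMPLE_GIT = make_tar("proj-tag", GIT_TREE)
SAMPLE_RELEASE = make_tar("proj-1.0", RELEASE)

if __name__ == "__main__":
    extra, changed, missing = compare_release_to_tag(SAMPLE_RELEASE, SAMPLE_GIT)
    print("only in release tarball:", extra)
    print("content differs:", changed)
    print("only in git:", missing)
```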



