Joerg Jaspert :debian:<p>And if you are curious about the <a href="https://fulda.social/tags/xz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>xz</span></a> <a href="https://fulda.social/tags/compromise" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>compromise</span></a>, a little update on the <a href="https://fulda.social/tags/Debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Debian</span></a> site:</p><p>As already written, the archive processing is currently off (nothing new coming to testing/unstable/experimental, no mirror updates pushed out).</p><p>Automated build daemons for the affected architectures have been stopped, and only two of them regenerated with a clean <a href="https://fulda.social/tags/stable" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>stable</span></a> environment. They are building for the security archive only, nothing else, right now. That part is safe.</p><p>Members of the Release, FTP, Security, Build-Daemon and Sysadmin team are discussing what the next steps are. There are multiple different ways that can be taken, with different drawbacks and amounts of work involved.</p><p>Also, it is not yet fully known what the malicious code all could do, so there might be much more that needs to be done later - or not. Unknown as of now, needs the analysis of it to finish, which is not easy nor fast.</p><p><span class="h-card" translate="no"><a href="https://framapiaf.org/@debian" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>debian</span></a></span></p>