That's what people are saying though I haven't had the chance to look into this ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		metzmanj on March 29, 2024 \| parent \| context \| favorite \| on: Backdoor in upstream xz/liblzma leading to SSH ser... That's what people are saying though I haven't had the chance to look into this myself. Fuzzing isn't really the best tool for catching bugs the maintainer intentionally inserted though.

bombcar on March 29, 2024 [–]

It's more likely that fuzzing would blow up on new code and they wanted an excuse to remove it.

After all, if it hadn't had a performance regression (someone could submit a PR fixing whatever slowed it down, heh) it still wouldn't be known.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact