this post was submitted on 03 Apr 2024
35 points (88.9% liked)

Nix / NixOS

[–] GarlicToast@programming.dev 6 points 7 months ago (10 children)

Nix lets you go back, and you can even mix channels, pulling one package from a different version.

[–] starman@programming.dev 5 points 7 months ago* (last edited 7 months ago) (6 children)

That's true, but you have to know there was a backdoor first. If someone doesn't know, and they use the latest version, they're vulnerable to attack.

[–] pbsds@lemmy.ml 4 points 7 months ago (1 children)

If the issue had been critical, then the branch head could be rolled back, causing everyone to downgrade.

[–] Atemu@lemmy.ml 2 points 7 months ago* (last edited 7 months ago)

That's a nice idea in theory but not possible in practice as the last Nixpkgs revision without a tainted version of xz is many months old. You'd trade one CVE for dozens of others.
