undefined | Better HN

0 pointsneurostimulant2y ago0 comments

Rolling back two years worth of commits made by a major contributor is going to be hell. I'm looking forward to see how they'll do this.

0 comments

joeyh2y ago

Not really. xz worked fine 2 years ago. Roll back to 5.3.1 and apply a fix for the 1 security hole that was fixed since that old version. (ZDI-CAN-16587)

Slight oversimplification, see https://bugs.debian.org/1068024 discussion.

kelseydh2y ago

This seems true with so many of these core libraries. Change for the sake of change introduces attack vectors. If it ain't broke, don't fix it!

account422y ago

Yeah but people will cry "dead project" if there hasn't been a release for a week.

j / k navigate · click thread line to collapse