> Seems innocuous, but maybe they were planning further changes. Seems like an a... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

bombcar on March 29, 2024 | parent | context | favorite | on: Backdoor in upstream xz/liblzma leading to SSH ser...

> Seems innocuous, but maybe they were planning further changes.

Seems like an attempt to get 90 days of "use" of this vulnerability after discovery. If they only had checked performance before!

hackernudes on March 29, 2024 [–]

No, they just removed the bullet points about what to include in a report. The 90 days part was in both versions.

meragrin_ on March 29, 2024 | | [–]

Yes. An incomplete report allows for dragging out "fixing" the issue longer.

bombcar on March 29, 2024 | | [–]

True, but the "talk only to me" part was new, I think.

hughesjj on April 2, 2024 | | [–]

They didn't add any content, it was a pure removal commit

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact