I'm not trying to troll, but I'm wondering if a distro like Gentoo is less susce... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		haolez on March 29, 2024 \| parent \| context \| favorite \| on: Backdoor in upstream xz/liblzma leading to SSH ser... I'm not trying to troll, but I'm wondering if a distro like Gentoo is less susceptible to such attacks, since the source code feels more transparent with their approach. But then again, it seems that upstream was infected in this case, so I'm not sure if a culture of compiling from source locally would help.

StressedDev on March 30, 2024 [–]

It is not going to make a difference. If you run malicious code, you will get hacked. Compiling the code yourself does not prevent the code from being malicious.

The one it might help is it might make it easier to find the back door once you know there is one.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact