Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rebuild to address the xz backdoor/security issue + switch to Arch's DockerHub repository #48

Merged
merged 1 commit into from
Mar 30, 2024

Conversation

Antiz96
Copy link
Owner

@Antiz96 Antiz96 commented Mar 30, 2024

About the xz matter:
https://www.openwall.com/lists/oss-security/2024/03/29/4
https://archlinux.org/news/the-xz-package-has-been-backdoored/
https://security.archlinux.org/ASA-202403-1

About the switch to Arch's DockerHub repository:
Arch Linux container images are built daily on Arch's DockerHub repository (compared to being built weekly on the official DockerHub library). Switching to a daily updated source allows to act faster on such eventual issue (as, for instance, the "latest" Arch image on the official DockerHub library currently is 14 days old, and do not contain the fix yet).

…DockerHub repository

About the xz matter:
https://www.openwall.com/lists/oss-security/2024/03/29/4
https://archlinux.org/news/the-xz-package-has-been-backdoored/
https://security.archlinux.org/ASA-202403-1

Arch Linux container images are built daily on Arch's DockerHub repository (compared to being built weekly on the official DockerHub library).
Switching to a daily updated source allows to act faster on such eventual issue (as, for instance, the "latest" Arch image on the official DockerHub library currently is 14 days old, and do not contain the fix yet).
@Antiz96 Antiz96 merged commit 0d544cc into main Mar 30, 2024
1 check passed
@Antiz96 Antiz96 deleted the rebuild_xz branch March 30, 2024 13:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant