TheFadingOne

joined 1 year ago
[–] TheFadingOne@feddit.de 6 points 7 months ago* (last edited 7 months ago)

Though unfortunately (or I guess for most use-cases fortunately) you can't find the malicious m4/build-to-host.m4 file on there afaik. The best way to find that now, should you really want to, is by looking through the commit history of the salsa.debian.org/debian/xz-utils repository which is, as far as I understand it, the repository that the debian packages are built from and consequently also what the compromised packages were built from.