this post was submitted on 22 Dec 2025
67 points (98.6% liked)

Linux

10754 readers
834 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
67
Debian’s git transition plan (diziet.dreamwidth.org)
submitted 2 days ago by cm0002@infosec.pub to c/linux@programming.dev
5 comments fedilink hide all child comments
 

tl;dr:

There is a Debian git transition plan. It’s going OK so far but we need help, especially with outreach and updating Debian’s documentation.

you are viewing a single comment's thread
view the rest of the comments
[–] moonpiedumplings@programming.dev 7 points 1 day ago (1 children)

The backdoor of the xz utils program(s) was in the tarball release, but not the main source code:

https://en.wikipedia.org/wiki/XZ_Utils_backdoor

If debian had dodged the upstream tarball, then they wouldn't have been affected by this.

[–] data1701d@startrek.website 2 points 1 day ago

I mean, that's true, but that doesn't mean that's why Debian's doing it.

If they were solving just that, then they would have just pushed for something like a reproducible tarball where you can point to a commit, branch, tag, etcetera from which that tarball can be reproduced and not bother migrating their package format.

Debian has a serious ease-of-packaging issue that I've witnessed first-hand, and I think they've made it clear that it's moreso the ease factor they're focused on that the security factor.