people throwing away half of the actual lessons you should be learning from the xz backdoor and instead going "systemd caused this by having integration with sshd" or "distributions caused this by using the systemd sshd integration" I'm going to fucking scream do you not understand that the open source software supply chain and thus half the tech landscape is always 2 steps from collapsing due to a backdoor like this potentially actually going under the radar for months (years?). if you have a backdoor like this in any fucking library that could maybe have a vector somewhere then god forbid when it's not related to systemd. where's your scapegoat then. grow a spine
Guy A:
>It affects openssh, and the backdoor in openssh is only possible because repos link libsystemd into openssh (and libsystemd links liblzma).
>
>Without systemd, or if systemd used a simple pipe for IPC instead of linking a full library we would not have this issue
Guy B:
>Just wanna note that we also would not have this issue if we consumed couple of liters of bleach for breakfast
And I think Guy B is showing the problem here very well if in a roundabout absurd way