Received: by 2002:ab2:1149:0:b0:1f3:1f8c:d0c6 with SMTP id z9csp318264lqz; Fri, 29 Mar 2024 19:56:11 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVkmSQcwuns5DSjPEKcJ9j2qNajBmPuFLXhGuEibmtNkN6GwYtJsx1N31ZLWoLtt+yy+ccCS79yBi/gSeoqfpfy/iKH4mA8R58ngyNBKg== X-Google-Smtp-Source: AGHT+IG2lSl5H9JHYm6LK7TKnFqJLPEc83acybgK0zDe3cLBRl1CEntjyHD68HYjbZT1e+IZ91RL X-Received: by 2002:a05:620a:1346:b0:78a:72b3:b3e8 with SMTP id c6-20020a05620a134600b0078a72b3b3e8mr3986217qkl.6.1711767370773; Fri, 29 Mar 2024 19:56:10 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711767370; cv=pass; d=google.com; s=arc-20160816; b=pa/Udgyu5+hyPgnv+LTpMg+k1ud34sWOFRoM6wVhyUmmzedB8lpJaeIYwXMwzLmM+C mRvgMD6ORgV3gyq+Fh/NRmdT5DpyLg0r6C7ODJ4yFv5EwZtLzHdirK8WAaRoZOKbHyTU cCUp7oWlzBq07OXWOrF92RVkFCJkHuhUwPHYEQHtBXVnCGGDTLGzqDjSggDR9nS5myT5 aY8MTqTyQ1BF6dUPXaqgkE1dNMD1MAC9NeQ7/rJqvvpTfvbO9ysJQ3ju8lTzcl4DuJGr a07ynFPs3hgZgBXyZdC0ibvJD8Xig7pasgRLNFVHF3NLFtF5atrDivRyj+L91Hd+HSUf LyIg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :subject:cc:to:from:date:dkim-signature; bh=ee5E2NbNiqExKfO3Dh33n72+M0NLVzclKrPVyOyN9Zw=; fh=PIAfqcBEY5fY5fz4r2kkZt9Yv/JD75jdetvPZ2IVSDo=; b=wjqF9UWjLLWrXKtyY4JMBlR/Om2TnNIK3lNAXvIn8QxsyTTFGEanlfZ7xFos4htzpi Y8M/G+1CTREkte2hxsZqL/KPBz1nCsGMr8gI4vAj+PKe0gPtb3YoodW5oKXSFSd5OEy6 7WKb1ACc3NKyF8ZwABYFC6DquA+IZiOjgFRaBqRgJlqJ+xFKDOgpxytgkeCWYVmsSDGK B9oVLf0dmIEaW3VMxx6+AUM7Nuq9MgLYFRQoXS40J25vwsPTqKyFPBA1CKNm1/MkEuCP /uvNzczojXTleqVTBE2YL3Xti92POYpYL4INkoNngv1pLHeUFMJ1dmz1pXj/Cb+O4EaS jcfA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=korg header.b=1hXSTLc5; arc=pass (i=1 dkim=pass dkdomain=linux-foundation.org); spf=pass (google.com: domain of linux-kernel+bounces-125577-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-125577-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id wm11-20020a05620a580b00b00789e8865563si4918496qkn.220.2024.03.29.19.56.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 Mar 2024 19:56:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-125577-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=korg header.b=1hXSTLc5; arc=pass (i=1 dkim=pass dkdomain=linux-foundation.org); spf=pass (google.com: domain of linux-kernel+bounces-125577-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-125577-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 63FAC1C20F8C for ; Sat, 30 Mar 2024 02:56:10 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id ACFF26FBF; Sat, 30 Mar 2024 02:56:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b="1hXSTLc5" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D517A5680 for ; Sat, 30 Mar 2024 02:56:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711767363; cv=none; b=QQNH0HVITl8J54OvDKQjHN+wW4M/YHM0kRoLPGj1FNDtDWovywfeBqqV1QFsPqKXBQHE53vkKIcPWo8ivSKwuUXnetDhUUgQiZtX0VF3BNB7ibpWau6S6X0e2hqz1Qu4Rvls1FxIs0KL48kTAn8vGaUCGHNbYj+WV8GhbTy0jQ0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711767363; c=relaxed/simple; bh=rwo876/D3BbCLDz9AnxgxEK63GG3r3tn2mTNlDvq1c4=; h=Date:From:To:Cc:Subject:Message-Id:In-Reply-To:References: Mime-Version:Content-Type; b=Gk1mnuN1IhAQtkHva3tiPeuipEL9/ZXGuflVehoXvMkAjyqeOSlIdL64KOyrJUXwpY/w+V+2cKOXp4OEnA0AAYrMwWVUh1L05L7nmU9W2sPcil/7UQU2lO04/s8PqpK7BRpVtnGV6PiTb37eE7yyzcfwcwxdim0drOKzuzw7rH8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b=1hXSTLc5; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 40A25C433C7; Sat, 30 Mar 2024 02:56:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org; s=korg; t=1711767363; bh=rwo876/D3BbCLDz9AnxgxEK63GG3r3tn2mTNlDvq1c4=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=1hXSTLc5Wq09D8Saa2jjpH5D6UZTd4uM6lId4vPv/LHHq/Ywd3cLaYRw4AoI4XZ1+ Kuoy/zoylLwNidJxwUS4fHr/aIBFpSSbtoGraBlBeaH9Icf/Wyizu/rh8/Kk0MamfL PaYhu37gDAyF7cVXdZeVxE87yKOXVEye232eBKMM= Date: Fri, 29 Mar 2024 19:56:02 -0700 From: Andrew Morton To: Jonathan Corbet Cc: Kees Cook , Lasse Collin , Jia Tan , linux-kernel@vger.kernel.org Subject: Re: [tech-board] [PATCH 00/11] xz: Updates to license, filters, and compression options Message-Id: <20240329195602.382cb1c99bb70e3d8c6093ae@linux-foundation.org> In-Reply-To: <87h6go3go2.fsf@meer.lwn.net> References: <20240320183846.19475-1-lasse.collin@tukaani.org> <202403291221.124220E0F4@keescook> <87h6go3go2.fsf@meer.lwn.net> X-Mailer: Sylpheed 3.8.0beta1 (GTK+ 2.24.33; x86_64-pc-linux-gnu) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Fri, 29 Mar 2024 14:51:41 -0600 Jonathan Corbet wrote: > > Andrew (and anyone else), please do not take this code right now. > > > > Until the backdooring of upstream xz[1] is fully understood, we should not > > accept any code from Jia Tan, Lasse Collin, or any other folks associated > > with tukaani.org. It appears the domain, or at least credentials > > associated with Jia Tan, have been used to create an obfuscated ssh > > server backdoor via the xz upstream releases since at least 5.6.0. > > Without extensive analysis, we should not take any associated code. > > It may be worth doing some retrospective analysis of past contributions > > as well... > > > > Lasse, are you able to comment about what is going on here? > > FWIW, it looks like this series has been in linux-next for a few days. > Maybe it needs to come out, for now at least? Yes, I have removed that series.