• @rotopenguin@infosec.pub
    link
    fedilink
    English
    39
    edit-2
    9 months ago

    My $0.05 reading of it is that they want to hose down the build servers* and start clean, in case if the attacker escaped the sandboxing there.

    * (the computers that compile all of the new packages from source, not web servers that are handing out finished deb binaries to the public.)

    • style99
      link
      fedilink
      319 months ago

      They’re rebuilding all the newer builds “out of an abundance of caution.” The servers themselves obviously don’t run on experimental software.

    • Avid Amoeba
      link
      fedilink
      59 months ago

      That would make sense if they ran servers on non-LTS release. Do they do that?

    • @rollingflower
      link
      39 months ago

      They dont run experimental software on their build servers.