• @Auli@lemmy.ca
    5
    9 months ago

    Yes but damage seems to be done. Distros are talking or have moved off of it to zstd.

    • Billegh
      22
      9 months ago

      There are some, probably. But any exodus will be slow. Xz isn’t useless because it was dangerous once.

      • @intrepid@lemmy.ca
        14
        9 months ago

        Besides, XZ isn’t the only project in such danger. Banning doesn’t solve that problem. They need to put in more funding and eyes.

    • @PlexSheep@infosec.pub
      10
      9 months ago

      Zstd and xz fulfill different needs. Xz takes more time to compress and is faster to decompress as far as I know.

      • Atemu
        6
        9 months ago

        XZ is a slog to compress and decompress but compresses a bit smaller than zstd.

        zstd is quite quick to compress, very quick to decompress, scales to many cores (vanilla xz is single-core only) and scales a lot further in the quicker end of the compression speed <-> file size trade-off spectrum while using the same format.

    • Calyhre
      10
      9 months ago

      I would argue this might make xz safer mid-term. So many eyes on it. I’m not familiar with other solutions, but who’s to say the bad actor won’t try a similar trick elsewhere?