I know sir.
My apologies.

What I actually meant to say was

"Please, Sirs, somebody check the port! I am not qualified enough to do 
so myself."


Thomas

On 4/1/24 13:47, Theo de Raadt wrote:
> Thomas Dettbarn <dettus@dettus.net> wrote:
>
>> Hello.
>>
>>
>> Yeah... You know how the social engineering part of this xz
>> backhole was done?
>>
>> Somebody pressured the Maintainer, that he needs to add new
>> features.
>>
>> Afterwards, the maintainers of distributions were pressured to
>> update, because there were some "NEW FEATURES" available.
>>
>> Your post sounded eerie similar. As do some of the gitlog entries.
>>
>>
>> Just my two cents...
>> (I am sure that I have not yet earned the privilege to post it on this list,
>> but I felt like I had to say something. Blame it on poor impulse control!)
>
> I think that is an uneducated take on the situation.  It sounds like:
>
>      "I can't really tell, but I'm very suspicious, I'm not going to put
>      any effort into justifying my suspiciouns, but in the meantime maybe
>      it is better if everyone stop all open source work of any sort
>      immediately.  Just my pointless two cents."
>
>
>> On 4/1/24 12:55, Kirill A. Korinsky wrote:
>>> Folks,
>>>
>>> Despite of current security issue with xz/lzma the algortihm itself provides
>>> great compression, and the existing XZ Utils provide great compression in
>>> the .xz file format, but they produce just one big block of compressed data.
>>>
>>> Here, a new port which is called archivers/pixz which produces a collection
>>> of smaller blocks which makes random access to the original data possible.
>>> This is especially useful for large tarballs.
>>>
>>> This can be used as seprated application or via tar, that described on
>>> homepage: https://github.com/vasi/pixz
>>>
>>> --
>>> wbr, Kirill