Enterprise Linux Security Episode 86 – The ‘xz’ Fiasco

10/04/2024 51 min

Episode Synopsis


On this podcast, Jay and Joao have discussed multiple times the scenario where a threat actor submits a pull request that’s more than the project bargained for. Now we have a situation where OpenSSH was (almost) backdoored through a commit from a maintainer of the xz project. Don’t miss this episode for all the details!






Thanks to TuxCare for sponsoring the Enterprise Linux Security podcast. Check out their awesome services to see how they can simplify Linux administration!



Download Links




MP3 version



Ogg version




Relevant Articles




A Deep Dive on the xz Compromise (Joao’s Article)



XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor