Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-43733

xz 5.6.2 is available, and get rid of "Jia Tan" pubkey

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Blocker Blocker
    • rhel-10.0.beta
    • rhel-10.0.beta
    • xz
    • None
    • xz-5.6.2-1.el10
    • None
    • Moderate
    • rhel-sst-cs-plumbers
    • ssg_core_services
    • 26
    • 1
    • False
    • Hide

      Setting this as blocker since we're going to look stupid if we don't fix this in RHEL 10.

      Show
      Setting this as blocker since we're going to look stupid if we don't fix this in RHEL 10.
    • None
    • None
    • None

      The current version of xz in RHEL 10 is 5.4.6. At least it doesn't have a back door.

      However it is signed with the "Jia Tan" public key, and that key is present in the dist-git repo and source RPM by name:

      $ ls
colorxzgrep.csh  gating.yaml         sources    xz.spec
colorxzgrep.sh   jia_tan_pubkey.txt  STAGE1-xz

      Also 5.6.2 is available upstream and very soon in Fedora Rawhide:
      https://bugzilla.redhat.com/show_bug.cgi?id=2283854

              jamartis@redhat.com Jakub Martisko
              rhn-eng-rjones Richard Jones
              Jakub Martisko Jakub Martisko
              Radka Brychtova Radka Brychtova
              Votes:
              1 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated: