• Auli@lemmy.ca · 10 upvotes · 7 months ago

    Yes, but the damage seems to be done. Distros are talking or have moved off of it to zstd.

    • Billegh@lemmy.world · 23 upvotes · 7 months ago

      There are some, probably. But any exodus will be slow. Xz isn’t useless because it was dangerous once.

      • intrepid@lemmy.ca · 14 upvotes · 7 months ago

        Besides, XZ isn’t the only project in such danger. Banning doesn’t solve that problem. They need to put in more funding and eyes.

    • Calyhre@lemmy.world · 10 upvotes · 7 months ago

      I would argue this might make xz safer mid-term. So many eyes on it. I’m not familiar with other solutions, but who’s to say the bad actor won’t try a similar trick elsewhere?

    • PlexSheep@infosec.pub · 10 upvotes · 7 months ago

      Zstd and xz fulfill different needs. Xz takes more time to compress and is faster to decompress, as far as I know.

      • Atemu@lemmy.ml · 6 upvotes · 7 months ago

        XZ is a slog to compress and decompress but compresses a bit smaller than zstd.

        zstd is quite quick to compress, very quick to decompress, scales to many cores (vanilla xz is single-core only) and scales a lot further in the quicker end of the compression speed <-> file size trade-off spectrum while using the same format.