Boycott 7-zip: "Limited" Open Source & Security Issues
submitted 1 year ago by [deleted] from (nixsanctuary.com)
[–]package 4 insightful - 2 fun - 1 year ago (1 child)
TLDR: not updated in a long time and also WAAAH RUSSIA BAD WAAAH ALL RUSSIAN THINGS BAD WAAAH.
[–]jamesK_3rd 1 insightful - 1 fun - 1 year ago (0 children)
Yeah, this is it in a nutshell.
I'm amazed that when new devs come in at work, I hear over and over about how they won't use anything with a GUI that looks like it's from the 90s, even though it may be functionally more capable than software designed and created today.
And security... Silly, it's an archive utility..
[–]infocom6502 1 insightful - 1 fun - 1 year ago (1 child)
I'm not sure if anyone here's aware of it, but there was a recent news splash on a fake CVE submission re 7zip. Somebody took the time to make up an invalid proof of concept and create submissions that ended up as a CVE. This was covered in a Linux security podcast last month. This thread also covers it.
https://sourceforge.net/p/sevenzip/discussion/45797/thread/65ce9ab4cb/
It looks like multiple people were involved in what looks like a campaign.
[–]infocom6502 1 insightful - 1 fun - 1 year ago (0 children)
I found the OSSec podcast, I think:
https://opensourcesecuritypodcast.libsyn.com/episode-323-the-fake-7-zip-vulnerability-and-sbom