Boycott 7-zip: "Limited" Open Source & Security Issues

submitted by [deleted] from (nixsanctuary.com)

all 4 comments
sorted by:
top
newinsightfulfun

[–]package 4 insightful - 2 fun4 insightful - 1 fun5 insightful - 2 fun -  (1 child)

TLDR: not updated in a long time and also WAAAH RUSSIA BAD WAAAH ALL RUSSIAN THINGS BAD WAAAH.

[–]jamesK_3rd 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Yeh this is it it a nutshell.

I'm amazed that when new devs come in at work, I hear over and over about they won't use anything with gui that looks like it's from the 90s even though it may be functionally more capable than software designed and created today.

And security... Silly, it's an archive utility..

[–]infocom6502 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (1 child)

I'm not sure if anyone here's aware of it, but there was a recent news spash on a fake CVE submission re 7zip. Somebody took the time to make up an invalid proof of concept and create submissions that ended up s a CVE. This was covered in a linux security podcast last month. This thread also covers it.

https://sourceforge.net/p/sevenzip/discussion/45797/thread/65ce9ab4cb/

It looks like multiple people were involved in what looks like a campaign.

[–]infocom6502 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

I found the OSSec podcast i think:

https://opensourcesecuritypodcast.libsyn.com/episode-323-the-fake-7-zip-vulnerability-and-sbom