xz
It occurs to me that a lot of distros probably have a lot of already-built packages that involved one of the suspicious xz versions in their build process, and I don't know that they all have the tooling to track which packages need to be rebuilt...
xz, gloating
@joepie91 another nixos w
xz, gloating
@syn Yes, though arguably an accidental one, sort of - it's not really what the dependency system was *designed* for afaik, just a consequence of the design choices
xz, gloating
@joepie91 I'd argue that "exact input tracking" is very much an explicit design goal
xz, gloating
@syn Yes, but not for the specific purpose of knowing what packages to rebuild if a backdoor were ever discovered
xz, gloating
@syn (It's kind of hard to classify these things because Nix is in a category of software where "benefits we didn't anticipate" are expected as a category, it's just not known which benefits they will be)