Comments (2)
Ah, great callout! This is certainly a great topic to bring up 🙂
Re: the discussion page, I found it impossible for me to monitor as I wasn't receiving proper notifications for it any community members weren't actively contributing to it, so I deactivated it to consolidate in Issues as it was being used as previously
Re: 7zip-bin, I don't manage that project so I'm not familiar with how the binaries were provided/committed. When was the xz
backdoor introduced? The last commits on the 7zip-bin project are 2+ years old as you mentioned, so I'd like to correlate timestamps with that first.
For app-builder-bin
, I'm also not too positive as I'm not familiar with the implementation, so I would encourage opening a GH Issue on that repo and link back here. We can ping the owner of the repo to do a thorough investigation of that. From what I gather, it does use the xz
installed on the system, but worth pinging the owner anyhow to double check.
from electron-builder.
Re: 7zip-bin, I don't manage that project so I'm not familiar with how the binaries were provided/committed. When was the
xz
backdoor introduced? The last commits on the 7zip-bin project are 2+ years old as you mentioned, so I'd like to correlate timestamps with that first.
From what I read, the compromised xz
packages were versions 5.6.0, released on 2024-02-24, and version 5.6.1, released on 2024-03-09.
For app-builder-bin, I'm also not too positive as I'm not familiar with the implementation, so I would encourage opening a GH Issue on that repo and link back here.
I created a ticket here: develar/app-builder#115
from electron-builder.
Related Issues (20)
- notarize set false but still No authentication properties provided (e.g. appleId, appleApiKey, keychain) HOT 1
- how can we change the download path for updater
- #4059 no autoclose HIGH PRIORITY HOT 1
- How to properly type updater events
- There is a build error when the configuration file on window is ts HOT 3
- electron-updater with electron-forge HOT 1
- Dependencies not rebuilt when prebuilt binaries not found? HOT 3
- msiWrapped installer target causes seemingly unnecessary UAC prompt
- 本地调试检测更新没有问题,打包成功后,安装electron应用时提示Cannot find module 'electron-updater' HOT 2
- Universal arch missing from 'TargetConfiguration' documentation
- electron-builder支持龙芯架构打包吗? HOT 1
- No space left on device (sparse files)
- Problems caused by excessively large extraResources resources
- Nested executables are expected to have provisioning profiles
- Unable to reach i18n json files through installed version
- how to create an updater process
- Docs for `NotarizeNotaryOptions` stop mid-sentence
- Keygen provider not working with target 'nsis-web' HOT 2
- Cannot produce a working windows binary from template project with no changes
- d
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from electron-builder.