On Fri, Mar 29 2024 at 07:44:12 PM +01:00:00, Mikel Olasagasti
<mikel(a)olasagasti.info> wrote:
Do we know if GH release tarballs are safe?
The tarballs generated by GitHub that just include the contents of the
git repo should be safe (at least from this particular issue), but the
Fedora package is not built from those. It was built from the malicious
release tarballs.