So three things:
  1. In this specific case this is a good thing. The new vulnerability in xz was shocking - imagine a malicious actor logging in to every Fedora, Debian and Ubuntu box on the internet.
  2. Andres Freund from Microsoft found this. By now, humanity relies 100% on engineers at big tech checking FOSS for funsies on company time.
  3. In this case it might have been a good thing - but notice how fast Microsoft can just command their will? Even if this way of distribution is easily circumventable, this way of distribution is powerful.
reply
Solid points
And a reminder to malicious actors (as well as the rest of us) to get off github 😅
reply
  1. Yes, because MS has slaves and the command of the master is their wish.
I agree MS distribution is powerful but I suspect their sustainability.
reply
Woah! Bad actors have come to Github now. I can only say that they must be the discarded employees from Google, Microsoft, Meta or any other company that codes in closed doors.
Awake, I hail the devils of open coding heaven a.k.a. GitHub, throw away the nasty good-looking hypocriteez and claim what's yours.
reply