pull down to refresh

10 sats \ 2 replies \ @zuspotirko OP 30 Mar 2024 \ on: GitHub Disables The XZ Repository Following Today's Malicious Disclosure tech

So three things:

  1. In this specific case this is a good thing. The new vulnerability in xz was shocking - imagine a malicious actor login to every Fedora, Debian and Ubuntu box on the internet.
  2. Andres Freund from Microsoft found this. By now, humanity relies 100% on engineers at big tech checking FOSS for funsies on company time
  3. In this case it might have been a good thing - but notice how fast Microsoft can just command their will? Even if this way of distribution is easily circumventable, this way of distribution is powerful
write
preview
3 sats \ 0 replies \ @03365d6a53 30 Mar 2024

Solid points

And a reminder to malicious actors (as well as the rest of us) to get off github 😅

reply
0 sats \ 0 replies \ @Coinsreporter 30 Mar 2024
  1. Yes, because MS has slaves and the command of the master is their wish.

I agree MS distribution is powerful but I suspect their sustainability.

reply