10 sats \ 2 replies \ @zuspotirko OP 30 Mar \ on: GitHub Disables The XZ Repository Following Today's Malicious Disclosure tech
So three things:
- In this specific case this is a good thing. The new vulnerability in xz was shocking - imagine a malicious actor logging in to every Fedora, Debian and Ubuntu box on the internet.
- Andres Freund from Microsoft found this. By now, humanity relies 100% on engineers at big tech checking FOSS for funsies on company time.
- In this case it might have been a good thing - but notice how fast Microsoft can just command their will? Even if this way of distribution is easily circumventable, this way of distribution is powerful
Solid points
And a reminder to malicious actors (as well as the rest of us) to get off GitHub 😅
reply
- Yes, because MS has slaves and the command of the master is their wish.
I agree MS distribution is powerful but I suspect their sustainability.
reply