GitHub Disables The XZ Repository Following Today's Malicious Disclosure
Originally posted by hf_139:
xz is a good format and I am not going to move away from it just because the NSA asset RedHat tells me to. The company that runs XKeyscore and PRISM isn't the most trustworthy.
- Likes 15
Originally posted by byteabit:
This has nothing to do with what Microsoft does on closed source Windows. And it does not matter at all for this topic.

- Anyone can contribute, that's great! (except when it's bad actors)
- Many eyes are scanning the code! (except when absolutely no one does)
- Since it's open it's less likely to be buggy/insecure! (except it's not been proven)
- Likes 2
Originally posted by Volta:
Exactly opposite. GitHub reacts as if it was the author of this malware.
It is going to need more explaining why they should do anything else, let alone why NOT distributing malware makes them untrustworthy.
- Likes 12
Originally posted by avis:
which shows how people here who continue to blame MS for having/pushing/distributing back doors in their products are far removed from reality.
Last edited by Volta; 30 March 2024, 06:20 AM.
- Likes 8
Originally posted by mSparks:
it locked malware authors out of their account and stopped distributing malware.
It is going to need more explaining why they should do anything else, let alone why NOT distributing malware makes them untrustworthy.
- Likes 2
Originally posted by ⲣⲂaggins:
Disabling the repository was dumb as f*ck. The Arch PKGBUILD, for example, points to it as its upstream. So now if Arch wants to build a good package from an old commit, they can't, because upstream has disappeared.
It's also now needlessly hard for people to analyse the paper trail of commits and discussions, since one has to find a fork or a mirror. And since such forks and mirrors inevitably exist, they're not really blocking access to anything.
GitHub should have marked the repo read-only, and maybe reset master branch to some older commit to prevent unsuspecting people from building the pwned version, but not disabled the repository entirely. This makes me think the staff have no idea what they're doing.
- Likes 6
Originally posted by mSparks:
They absolutely are, this one is only bad because China did it.
China is a whole different issue because the party and businesses are intricately intertwined in the country. It's much less so in the US and other purported democracies. China almost doesn't sell software outside. On the other hand these three companies serve the entire world and have a lot at stake.
- Likes 3