Possibly linux to [email protected]English • 1 year agoXZ backdoor in a nutshelllemmy.zipimagemessage-square158fedilinkarrow-up11.23K
arrow-up11.23KimageXZ backdoor in a nutshelllemmy.zipPossibly linux to [email protected]English • 1 year agomessage-square158fedilink
minus-squareAmju WolflinkfedilinkEnglish31•1 year agoPackages or dependencies with only one maintainer that are this popular have always been an issue, and not just a security one. What happens when that person can’t afford to or doesn’t want to run the project anymore? What if they become malicious? What if they sell out? Etc.
minus-squareslazer2aulinkfedilinkEnglish17•1 year agoWhat if the repository becomes stupid and takes a package away from a developer and said developer deletes his other packages. See leftpad.
Packages or dependencies with only one maintainer that are this popular have always been an issue, and not just a security one.
What happens when that person can’t afford to or doesn’t want to run the project anymore? What if they become malicious? What if they sell out? Etc.
What if the repository becomes stupid and takes a package away from a developer and said developer deletes his other packages. See leftpad.
https://xkcd.com/2347