Whoever wrote, reviewed, and approved this at the OpenSSF.... - Random

Di4na, 1 month ago

Whoever wrote, reviewed, and approved this at the OpenSSF.

Consider leaving the organization. I am not joking. You have no idea what you are talking about; you know nothing about Open Source, and you seem to know nothing about Security, either.

Even less all these things combined. Just. Leave. Resign. It is ok to realize you are not the right person for that position. It happened to me before.

Have some self-respect.

https://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-3094/

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

+ Di4na

Image

Image alternative text

Optional, 1 month ago

@Di4na honestly, this reads like it was generated by an LLM

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

Di4na, 1 month ago

@Optional if only. It may have been helped by one though.

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

poigon, 1 month ago

@Di4na "nor did xz have the OpenSSF Best Practices badge"
🤡

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

icejam_, 1 month ago

@Di4na > Looking back at the last OpenSSF Scorecard report on the xz repository, we do see a number of best practices such as Code-Review, Token-Permissions, Branch-Protection, and Static-Analysis were not enabled, nor did xz have the OpenSSF Best Practices badge. It’s difficult to predict whether these settings on their own would have prevented this backdoor, however, security best practices were not followed.

Howling.

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

Add comment