I know everyone in the OSS world has been talking/reading about the #XZ issue for the past few days, but I found that @joshbressers episode: https://opensourcesecurity.io/2024/04/01/xz-bonus-spectacular-episode/ and the @changelog news episode: https://changelog.com/news/88 to be great explainers. I think the Changelog is probably a better first listen to get all the details and then you can listen to Josh and @kurtseifried
talk about the implications and how this is an unsolvable problem, but that doesn't mean we should give up
Add comment