mattblaze,
@mattblaze@federate.social

The XZ backdoor seems to have become a Rorschach test that shows whatever you already believed about the security of open source software against sabotage.

It clearly proves the inherent superiority of the open source model. Or the inherent vulnerability. One of those, definitely.

kellogh,
@kellogh@hachyderm.io

@mattblaze i have a post going around (~200 boosts) pointing out how the “many eyes” is resistant against social engineering. Unfortunately, a reply thread on that post is not getting any attention, where i note that it’s a very small advantage, and that it’s actually kind of amazing that it held up. i got some heat for saying that…

ralph,
@ralph@social.tchncs.de

@mattblaze It is strange that we are so used to hearing about hacks of big companies that we nearly do not recognize it anymore. When we have a look at how fast in this case the hack was found and fixed: That was really impressive.
And starting research because of a 0.5 sec delay you cannot explain: In how many companies would you get permission to do that?

https://www.tagesschau.de/ausland/microsoft-china-hackerangriff-100.html

mattblaze,
@mattblaze@federate.social

@ralph Congratulations on finding evidence for your pre-existing beliefs!

mattblaze,
@mattblaze@federate.social

If your opinion about software security fits into a catchy slogan, it's probably not that useful.

Catchy: "Many eyes make all bugs shallow"

Also catchy: "Five Eyes make all bugs shallow"

bynkii,
@bynkii@mastodon.social

@mattblaze “Five Guys make all bugs full”

cigitalgem,
@cigitalgem@sigmoid.social
dango_,
@dango_@mas.to

@mattblaze tbh it just reminds me of when a popular Minecraft mod repository changed owners and reviews of uploaded mods degraded; and the very first week someone snuck in a trojan by using embedded binary in the source code.

Stop checking in binaries
