Joe Brockmeier

@jwildeboer yes… but. I’m now wondering if there are other instances we haven’t caught, or caught yet. Seems optimistic to assume that we’ve spotted a solitary instance of a very sophisticated approach to sneaking in back doors.

At a minimum, it might be time to revisit the practice of key signing parties and doing more to vet contributors.

1 comment
Jan Wildeboer 😷

@jzb What I am trying to say is that there are two sides here. Solving and cleaning up after it happened is #1. That is what I am talking about. #2, what you mention, is how to harden the FOSS ecosystem proactively to reduce the risk of stuff "hiding in plain sight" in FOSS. That's a far wider field with many more unknowns.

We just shouldn't mix the two things because that leads to open-ended arguments and not to solutions, IMHO.
