Gregory's Server
To people looking for an archive of the XZ code, you might want to check out https://tukaani.org/xz-backdoor/ which links to https://git.tukaani.org/. GitHub is not the only source of truth, although meta information about the Pull Requests is locked in to this silo.
|
3 comments
@Codeberg There is also a softwareheritage.org archive https://archive.softwareheritage.org/browse/origin/directory/?origin_url=https://github.com/tukaani-project/xz @Codeberg One idea I have for preventing accidental fetches of malicious code would be to prevent access through the primary domain, and require the use of a seperate (sub)domain such as [caution.codeberg.org](caution.codeberg.org), or [codeberg-caution.org](codeberg-caution.org). Weither this is done throgh a seperate instance it is cloned to, or via special handeling in the forejo would be up to debate. |
@Codeberg Many thanks for your work on openess. It's another proof that git history is not sufficient and we cannot tolerate a locked silo like Github. PR, issues, comments and everything else are an essential part of the repository, the code is not enough.