The backdoor highlights the politics, governance, and community management of an ecosystem exploited by massive tech companies and largely run by volunteers.
“Hey, it’s totally cool that Microsoft GitHub blocked access to one of the repositories in the very center of the xz backdoor saga,” Michal Woźniak, a white hat hacker who was part of a team that discovered DRM in a Polish train earlier this year, wrote on Mastodon. “It’s not like a bunch of people are scrambling to try to make sense of all the right now, or that specific commits got linked to directly from media and blogposts and the like. Cool, cool.”
Security teams that break stuff to mitigate risk and call it fixed is exactly what Linus’s Do No Harm post is about.
When your entire security model consists of obfuscation and sticking your head in the sand, sweeping the vulnerabilities under the proverbial rug is the obvious course of action.
Almost like having Microsoft in charge of our main code repository was a bad idea from the start.
We should start moving out…
Been saying that for a long time.
I’m sure anyone who really needs access can get to it. It’s not a surprise that MS don’t want to be sharing code with CCP sponsored backdoors.