this post was submitted on 16 Apr 2024
11 points (100.0% liked)
Security
5018 readers
1 users here now
Confidentiality Integrity Availability
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I'm kinda glad this happened because I was assuming bad actors were fucking with open source stuff before the XZ stuff came out and now it's on the radar.
Though I wonder if there's any way to automate watching for stuff like this. Like the XZ backdoor involved changing what was supposed to be a bad test file, it would be nice to have a system that treats all input files as immutable and if anything needs to be processed, it goes into a separate output folder plus has a reasoning included as to why the input file needs more processing, especially something that doesn't change from system to system.