XZ backdoor in a nutshellPossibly linux@lemmy.zip to Linux@lemmy.ml – 1208 points – 3 months ago162Post a CommentPreviewYou are viewing a single commentView all commentsShow the parent commentPackages or dependencies with only one maintainer that are this popular have always been an issue, and not just a security one. What happens when that person can't afford to or doesn't want to run the project anymore? What if they become malicious? What if they sell out? Etc.What if the repository becomes stupid and takes a package away from a developer and said developer deletes his other packages. See leftpad.https://xkcd.com/2347
Packages or dependencies with only one maintainer that are this popular have always been an issue, and not just a security one. What happens when that person can't afford to or doesn't want to run the project anymore? What if they become malicious? What if they sell out? Etc.What if the repository becomes stupid and takes a package away from a developer and said developer deletes his other packages. See leftpad.https://xkcd.com/2347
What if the repository becomes stupid and takes a package away from a developer and said developer deletes his other packages. See leftpad.
Packages or dependencies with only one maintainer that are this popular have always been an issue, and not just a security one.
What happens when that person can't afford to or doesn't want to run the project anymore? What if they become malicious? What if they sell out? Etc.
What if the repository becomes stupid and takes a package away from a developer and said developer deletes his other packages. See leftpad.
https://xkcd.com/2347