Free software's not-so-eXZellent adventure
Paul Oranje
por at oranjevos.nl
Sun Jun 16 03:19:48 PDT 2024
As is to be expected, LWN has an excellent article from Corbet [1] that
comes up with questions to be taken seriously by the FOSS community and
especially communities such as OpenWrt that distribute (binary) releases.

One of the comments [2] names some practical rules that may help to
compartmentalise the build processes to enhance resilience against
advanced attacks as experienced by xz.

Another comment [3] touches on a little-known but possibly useful feature
of GitHub that allows one to block/ban presumed trolls etc. That function
comes with some moral questions though. At the least, this subthread
identifies some of the ("sockpuppet") accounts (on GitHub) that were
used to pressure the maintainer of xz.

[1] https://lwn.net/Articles/967866/
[2] https://lwn.net/Articles/968150/
[3] https://lwn.net/Articles/968496/
Regards,
--
paul oranje