As a packager, I totally relate to this: we generally don’t have the resources to follow the upstream development of the projects we rely on, let alone audit all the changes they make between releases. Open source software still has security advantages — we can communicate directly with the maintainers, backport security fixes and immediately release them to users, fix bugs that affect the distribution, etc. — but I agree that it’s not a silver bullet.
tedgravy
Firmware guy!
- 0 Posts
- 4 Comments
Joined 1 year ago
Cake day: June 8th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
2·1 year agoIf their apprenticeship program goes well, it might allow thousands of people to lift themselves out of poverty, especially if the pay is fair. I hope that’s the case.
That’s pretty interesting, but it’s also unfortunate for the people who got infected. Maybe requiring the JAR files to be signed by the authors help mitigate this type of attack.
I carry around a messenger bag with lip balm, wet wipes, earplugs, earbuds, bandages, sunscreen, sunglasses, a respirator, a hairbrush, a phone charger, a flashlight, and a reusable shopping bag.