It looks fishy. Happy to see somebody putting something out there but if I am not reading the code I have to trust reputation and the age and number of stars on GitHub (although those can be bought too) are not doing it for me.
When will there be the next xz attack thingy?
It’s open source, so you can read the code.
I absolutely could. That doesn’t change my stance on this software.
The code hidden in xz was also publicly available and didn’t get caught. So much for open source making all things safe just by being open source. And that was a high value target. Imagine what happens (or could) on a smaller scale.
Honestly now, are you reading code of a nice project You want to spin up in a docker to try out? I don’t. I check the project and the stars/engagement. If it goes any further I check who is involved in it and that’s about it.
Right? It is even odder to me that the selfhosted newsletter shared it.
What is xz attack thingy?
What is xz attack thingy?
Missed opportunity: “Support our dumbness” shoulda said “dumbasses” instead.
lol! I honestly wonder did they plan it all to come out at the same time or is it just ai coding?
