On Tue, Nov 02, 2021 at 05:58:14AM -0700, skybuck2000 wrote:

> I haven't even read this document fully yet, but all signs point to MAJOR
> TROUBLE AHEAD for open source projects:
>
> https://www.trojansource.codes/trojan-source.pdf
>
> My recommendation is to hold all patches/pull requests until
> solutions/defense/shields are found !

I kindly ask you to tone down a bit (well, more than a bit, actually).

There are two problems with such alarms here, on this list:

 - None of the Git developers actually read it, so there's no one in position
   to act on whatever drastic problem is discovered, if any.

   Please see this [1].

 - For good, or bad, we're not living in a setting typical of a space opera
   movie or something like those typical movies about "computer hackers".

   A full explanation about why it's pointless to over-react to another
   vulnerability would require too much time, but really it all boils down
   to the fact that the most exploitable part of any IT system is human beings.
   To put it in simple words, you do not need to create an elaborate trojan
   to attack a power plant if you simply can bribe an IT technician working
   there for them to bring in a USB stick with an Autorun.inf placed in its
   root folder ;-)

1. https://gist.github.com/tfnico/4441562#writing-an-email-to-the-developers-list

--
You received this message because you are subscribed to the Google Groups "Git for 
human beings" group.