On Fri, Mar 18, 2022 at 12:53:06PM -0400, Alvin Starr via talk wrote:
> This is not just an open source issue since anybody can inject bad code into
> a project.
> Open source being more open has fewer people working to hide issues.
>
> This is definitely an example of someone taking an action without
> thinking about the potential for collateral damage.
> But multiple state
Supply chain risks are important in open source: with so many
contributors, how can one be sure that there aren't malicious components?
(Buggy components are also a threat.)
(Closed source has this problem too, with some variations.)
This is a scary real current example: