On Thu, Jan 23, 2020 at 1:08 PM D. Hugh Redelmeier via talk <[email protected]> wrote:
>
> <https://www.zdnet.com/article/microsoft-spots-malicious-npm-package-stealing-data-from-unix-systems/>
>
> This article lists six cases of malware contributed to npm (the repo for
> sharing node.js and JavaScript source).
>
> How many undetected cases exist?
>
> I've always pretended that Linux distros vet their code. I'm not sure how
> true that is. Probably the greatest protection is the time delay between
> contribution and distribution.
>
> I wonder what can be done about this problem. I've said so at our
> meetings a few times too.
>
> Of course the problem is worse with closed source: it is impossible to
> audit the source. But closed source might have fewer contributors and
> more supervision. Of course much closed source is built on top of open
> source and thus all its weakness

In this vein - - - - a contact who in computer terms calls himself a dinosaur refuses to allow javascript on his computers, doing all his browsing on text based browsers. In his opinion javascript is a serious accident already in free fall. What you're sharing only emphasizes that. Maybe it's time to join his anti Javascript position?

Regards
