Jan Wildeboer 😷
Again the FOSS world has proven to be vigilant and proactive in finding bugs and backdoors, IMHO. The level of transparency is stellar, especially compared to proprietary software companies. What the FOSS world has accomplished in 24 hours after detection of the backdoor code in #xz deserves a moment of humbleness. Instead we have flamewars and armchair experts shouting that we must change everything NOW. Which would introduce even more risks. Progress is made iteratively. Learn, adapt, repeat.
Albert ARIBAUD â“‚@jwildeboer As far as xz is concerned, there was indeed vigilance and proactivity. Less so in the case of libarchive, though, where the backdoor remained unnoticed from 2021 until now.
(not pointing fingers though, as it's not the first case of a vulnerability remaining present for years, and also as I do not have the street cred to do finger pointing as far as security goes)