#xzbackdoor ... Wow. Four weeks to notice, only hours to fix and a day(?) to deploy. #opensource, #debian, #suse, #redhat, #linux: You Rock! We Rock! Don't tell that to #Microsoft #Apple #Cisco #Ivanti #Fortinet or the like, they will cry.

@mfeilner

Another thought:

The attackers probably needed more than one man-year to create, replace and hide the backdoor. It took one performance nerd at Microsoft (and PostgreSQL) and a few days to take down the threat. That is #AsymmetricalWarfare in #opensource #cybersecurity. So powerful.

Third thought:

We need to make sure that the crucial people in crucial projects are supported. This #xzbackdoor would not have been possible without the maintainer being overloaded. Only that way could the hackers be appointed deputy-in-chief maintainers...