I don’t understand how people see the xz incident and conclude that open source is insecure. That level of social engineering could easily have worked on a company as well, but it was detected *because* it was open source. All other mechanisms failed, and it was just some random guy poking around that discovered it. That kind of scrutiny doesn’t happen on closed source systems.
@kellogh Although it obviously wasn't meant like that, and I'm sure he's taken it all in his stride, had a nice profile boost, and saved the day, I can't help but feel a twinge of something every time a principal engineer who carried out a heroic feat of detective work here is described almost like a dog who found a trophy in a bush.