Significant raise of reports (on the Linux Kernel Mailing List) https://lwn.net/Articles/1065620/

Here's something I think we all will have to contend with, whether you're an AIgen enthusiast or not: attacking is easier than defending, and these things don't get tired and they *are* very good at finding exploits. None of us will be able to ignore that, and we will probably have to listen to real genuine reports from them, even if we reject AIgen input.

However, I don't think that's actually the right solution, and I don't think it's sustainable. 🧵


@cwebber "- people will finally understand that security bugs are bugs, and that the only sane way to stay safe is to periodically update, without focusing on "CVE-xxx""

I am not sure how this is going to work. How can we be sure that the newest update is not a Trojan horse (cf. recent axios breach)?

@btel @cwebber I believe that lies in update cooldowns, i.e., specific updates must have been publicly viewable (and being tested by the public) for at least x time period before they can be picked up by downstream tools.
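
The update cooldown described in the last reply, sketched as an added example that is not part of the thread or of any real tool: a downstream updater picks the newest release that has been public for at least `cooldown_days` and was not withdrawn in the meantime. The metadata, its field names and `pick_update` are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed registry metadata for a hypothetical package; not real data.
RELEASES = [
    {"version": "1.4.0", "published": "2025-01-10T09:00:00+00:00", "yanked": False},
    {"version": "1.4.1", "published": "2025-02-20T12:00:00+00:00", "yanked": False},
    {"version": "1.5.0", "published": "2025-03-01T08:00:00+00:00", "yanked": True},
    {"version": "1.5.1", "published": "2025-03-09T18:30:00+00:00", "yanked": False},
]

def version_key(v):
    """Sort key for plain dotted numeric versions such as 1.4.1."""
    return tuple(int(part) for part in v.split("."))

def pick_update(releases, current, now, cooldown_days):
    """Return (chosen_version_or_None, {skipped_version: reason})."""
    cutoff = now - timedelta(days=cooldown_days)
    skipped, candidates = {}, []
    for rel in releases:
        ver = rel["version"]
        if version_key(ver) <= version_key(current):
            continue  # not an upgrade over what is installed
        published = datetime.fromisoformat(rel["published"])
        if rel["yanked"]:
            # Withdrawn after publication: never eligible, however old it is.
            skipped[ver] = "yanked by registry"
        elif published > cutoff:
            # Too new: the public has not had the full window to inspect it.
            eligible = (published + timedelta(days=cooldown_days)).date()
            skipped[ver] = f"in cooldown until {eligible}"
        else:
            candidates.append(ver)
    chosen = max(candidates, key=version_key) if candidates else None
    return chosen, skipped

if __name__ == "__main__":
    now = datetime(2025, 3, 10, 12, 0, tzinfo=timezone.utc)
    chosen, skipped = pick_update(RELEASES, "1.4.0", now, cooldown_days=7)
    print("update to:", chosen)
    for ver, reason in skipped.items():
        print(f"skipped {ver}: {reason}")
```

The yanked 1.5.0 entry is the case the cooldown exists for: a release withdrawn during the waiting window is never installed downstream, while the same window also delays legitimate fixes by `cooldown_days`.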