What we know about the xz Utils backdoor that almost infected the world - Ars Technica
Malicious updates made to a ubiquitous tool were a few weeks away from going mainstream.| Ars Technica
I can't tell you how many times I've said or heard someone say, as professional software developers, that we were waiting on a feature or bug fix in some open source software. Just waiting. Because we usually have no choice in the matter. We're actually not allowed to contribute. We can only take, never give, and that's how we end up where we are today.| hachyderm.io
Malicious updates made to a ubiquitous tool were a few weeks away from going mainstream.| Ars Technica
For the past few years, we have seen a lot of discussions around the concept of the Software Supply Chain. These discussions started around the time of LeftPad and escalated with multiple incidents in the past few years. The problem of all the work in this domain is that it forgets a fundamental point.| Musings about software
