GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Gordon Messmer (gordonmessmer@fosstodon.org)'s status on Saturday, 30-Mar-2024 12:57:19 JST Gordon Messmer Gordon Messmer

    The least surprising thing about the xz vulnerability is that it happened to a widely used project after a maintainer hand-off. We've seen exactly the same thing repeatedly in npm, pypi, browser extensions, and other code marketplaces.

    Humans don't last forever. Hand-off is inevitable. And I've long held that because that is true, the size of the group of maintainers is an important security characteristic.

    Small projects create big risks.

    Sustainability is a security concern.

    In conversation about 8 months ago from fosstodon.org permalink

    Feeds

    • Activity Streams
    • RSS 2.0
    • Atom
    • Help
    • About
    • FAQ
    • TOS
    • Privacy
    • Source
    • Version
    • Contact

    GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

    Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.