GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Saturday, 30-Mar-2024 15:51:14 JST Haelwenn /элвэн/ :triskell: Haelwenn /элвэн/ :triskell:
    > Go back to laptop
    > Oh yeah that ticket about xz trying to see what the future could bring
    > Repository suspended
    > Right…

    Once again "now what" but even stronger, dammit github.
    In conversation Saturday, 30-Mar-2024 15:51:14 JST from queer.hacktivis.me permalink
    • Embed this notice
      Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Saturday, 30-Mar-2024 15:52:58 JST Haelwenn /элвэн/ :triskell: Haelwenn /элвэн/ :triskell:
      in reply to
      And btw I'd 100% support github cleaning the fuck out of the code as it would be taking the risk of hosting malware, but the issue tracker dammit…
      In conversation Saturday, 30-Mar-2024 15:52:58 JST permalink
    • Embed this notice
      LEdoian (ledoian@pleroma.ledoian.cz)'s status on Sunday, 31-Mar-2024 03:14:33 JST LEdoian LEdoian
      in reply to

      @lanodan I wouldn't probably support the code removal so directly. There is something to learn from the issue and it's not like there would not be vulnerable code on GitHub anyway (you can get e.g. Linux kernel v5.12-rc1-dontuse if you want). Imho the issue is not "someone could see the bad code", but "somebody could get it by mistake", at which point a better way would be ~making sure people can only download the code interactively and with seeing a big warning for some time.

      But GitHub needs to be on good terms with their shareholders (not community), so it would make sense they would remove it preemptively. Also, if Jia got enough rights over the xz repo, they might have killed it themself, no GitHub employee involved.

      In conversation Sunday, 31-Mar-2024 03:14:33 JST permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.