Conversation
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Saturday, 30-Mar-2024 15:51:14 JST
> Go back to laptop
> Oh yeah that ticket about xz trying to see what the future could bring
> Repository suspended
> Right…
Once again "now what" but even stronger, dammit github.
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Saturday, 30-Mar-2024 15:52:58 JST
And btw I'd 100% support github cleaning the fuck out of the code as it would be taking the risk of hosting malware, but the issue tracker dammit…
LEdoian (ledoian@pleroma.ledoian.cz)'s status on Sunday, 31-Mar-2024 03:14:33 JST
@lanodan I wouldn't probably support the code removal so directly. There is something to learn from the issue and it's not like there would not be vulnerable code on GitHub anyway (you can get e.g. Linux kernel v5.12-rc1-dontuse if you want). Imho the issue is not "someone could see the bad code", but "somebody could get it by mistake", at which point a better way would be ~making sure people can only download the code interactively and with seeing a big warning for some time.
But GitHub needs to be on good terms with their shareholders (not community), so it would make sense they would remove it preemptively. Also, if Jia got enough rights over the xz repo, they might have killed it themself, no GitHub employee involved.