@lanodan I probably wouldn't support the code removal so directly. There is something to learn from the issue and it's not like there would not be vulnerable code on GitHub anyway (you can get e.g. Linux kernel v5.12-rc1-dontuse if you want). IMHO the issue is not "someone could see the bad code", but "somebody could get it by mistake", at which point a better way would be ~making sure people can only download the code interactively and while seeing a big warning for some time.
But GitHub needs to be on good terms with their shareholders (not community), so it would make sense they would remove it preemptively. Also, if Jia got enough rights over the xz repo, they might have killed it themself, no GitHub employee involved.