Open Source, Supply Chains, and Bears
I didn’t want to add my voice to the cacophony of hot takes about the xz backdoor incident because I’m sure many people are already sick of hearing about it. However, there is something…
Most of the postmortem conversation I’ve witnessed has centered on the burnout of open source developers, corporations’ reliance on and profiteering from volunteer labor, and how these factors can create a perfect storm for any nation state or sophisticated cyber-crime group that wants to backdoor infrastructure for its own gain.

Your value proposition can simply be, “Patches for $library for $platforms; will upstream fixes at the original developer’s own pace,” predicated on the trust you’ve earned within your community. Beyond separating the responsibility into distinct roles (development, release management), this arrangement adds a built-in layer of verification that increases the probability of malicious updates being detected before they’re installed anywhere.