Ask HN: What can we do as a community to prevent XZ-like attacks in future?
7 points by kjok 1 year ago | 3 comments- lulznews 1 year agoThe companies making billions (trillions?) off this stuff could actually fund it and stop relying on exploiting naive code monkeys.
- SeriousM 1 year ago- Enforcement of blob-generating code to be committed too and a test to check if someone has tampered with the blobs. Or generate test-blobs just before execution. In short: habe everything readable. - Once a project is referenced just over a reasonable threshold the maintainer should be checked and may transfer the ownership if the new maintainer is verified too.
- talldayo 1 year agoRead pull requests
- 1 year ago