zlacker

[parent] [thread] 1 comments
1. chasil+(OP)[view] [source] 2025-07-25 03:20:58
However, do you consider yourselves as able to resist a nation-state level adversary with resources dedicated to compromising you?

I think of two things, the Solar Winds build corruption, and putty's mishandling of e521 keys.

What is your vulnerability to a similar disaster, exploited or not?

replies(1): >>Attrec+7I
2. Attrec+7I[view] [source] 2025-07-25 11:28:59
>>chasil+(OP)
Funny how your mayer example is actually proprietary closed-source software. So being an open source project carried by a large community doesn't seem to be an actual drawback -- if at all, a Solarwinds-like attack is far more improbably to succeed in a popular and well run open source project than in the darkness of closed source.
[go to top]