Tim Kellogg on Nostr: i don’t understand how people see the xz incident and conclude that open source is ...
i don’t understand how people see the xz incident and conclude that open source is insecure. That level of social engineering could easily have worked on a company as well, but it was detected *because* it was open source. All other mechanisms failed, and it was just some random guy poking around that discovered it. That kind of scrutiny doesn’t happen on closed source systems
Published at
2024-04-02 12:02:07Event JSON
{
"id": "a279be91af21d212c7e8eb2d0132854010918981aa28c507d2dbadabf91af1a3",
"pubkey": "9cf67dc5d079721e4d1ce3ca8f7f173a17c0d59354a7742d9a103c6e25188f33",
"created_at": 1712059327,
"kind": 1,
"tags": [
[
"proxy",
"https://hachyderm.io/users/kellogh/statuses/112201520080270469",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://hachyderm.io/users/kellogh/statuses/112201520080270469",
"pink.momostr"
]
],
"content": "i don’t understand how people see the xz incident and conclude that open source is insecure. That level of social engineering could easily have worked on a company as well, but it was detected *because* it was open source. All other mechanisms failed, and it was just some random guy poking around that discovered it. That kind of scrutiny doesn’t happen on closed source systems",
"sig": "c313b85313cde974ba0cb29c756da5aa796bb2126f6f63bba4b90a7f7104030743ea3b2c8d66cedf9b110a5769bedb7a853894edb6475dc784d6cea3f629a0d2"
}
