Event JSON
{
"id": "535f3858a8ff8947bb94b12b4142ac72a6bac97b51848ff77f202d0c9f0ec24c",
"pubkey": "e8375e31d525b75bac96cbaa3c0eb86d08a056a83501ad82ea99fcc8a2b04059",
"created_at": 1711848801,
"kind": 1,
"tags": [
[
"p",
"d33ea30716562b9255e89766f4d1cf37324284944679d57a3eed9775876dc606"
],
[
"p",
"e8375e31d525b75bac96cbaa3c0eb86d08a056a83501ad82ea99fcc8a2b04059"
],
[
"p",
"269bf643b055ada34b723a876521bd3fc6b6d8357bd4952047d0004e3778a716"
],
[
"e",
"6da8185128c750c2f3f64cd5793424336941ec59d9de6397027096689c3d9681",
"",
"root"
],
[
"p",
"b832cfc8b7c5ac07ae2f27717f806fd07093f599638aca5cfd1e7363444a252b"
],
[
"e",
"04b6e057d9bae74c4882991832d325f12909d57c5c40dc3d2e686d13fd74a796",
"",
"reply"
],
[
"proxy",
"https://mastodon.social/users/rst/statuses/112187723039443677",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mastodon.social/users/rst/statuses/112187723039443677",
"pink.momostr"
]
],
"content": "The usual definition of \"supply chain\" is all the places where you get your code -- whether a contractual relationship exists, as in, say, the SolarWinds attack, or not, as in the current xz attack or the case described below. And consequences for the victims are the same either way, so focusing on having legal paperwork is a distraction, not a defense\n\n https://www.reversinglabs.com/blog/more-malicious-npm-packages-found-in-wake-of-jumpcloud-supply-chain-hack",
"sig": "623f1ff6c5422a189526b8c42ada6065029d9adf6749013d09d26c76348404bbca4e583fa219c4a66515be218e66dc349bebfc493a501eff6eb613f01745c1f4"
}
