💾 Archived View for arcanesciences.com › gemlog › 24-03-29 captured on 2024-08-18 at 17:54:27. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2024-05-10)

-=-=-=-=-=-=-

sunset's gemlog!

Mandatory Post on the xz Backdoor

I don't have deep thoughts on this except "managing a FOSS project is hard and there's a highly profitable corporate ecosystem depending on stressed FOSS programmers that make nothing off their work." Informally-run projects by burnt-out people are ripe for exploitation by social engineering. It seems right now like somebody took advantage of that. The original maintainer, Lasse Collin, does not seem to have had any involvement except trusting the wrong person to try to keep his project maintained.

https://www.mail-archive.com/xz-devel@tukaani.org/msg00567.html

When this was posted, nobody cared about how Lasse Collin was doing. Today everyone has an opinion, because they're threatened or inconvenienced, but when things are going well, the hard work of running a prominent project is taken for granted.

I hope he's okay.