this post was submitted on 30 Mar 2024

[email protected] 1 points 8 months ago (1 children)

Forgot to ask, but I would love to hear your thoughts on what @[email protected] has commented about this subject: https://lemmy.world/comment/9003210

[email protected] 3 points 8 months ago

In the broader context of that thread, I'm inclined to agree with you: The circumstances by which this particular vulnerability was discovered show that it took a decent amount of luck to catch it, and one can easily imagine a set of circumstances where this vulnerability would've slipped by the formal review processes that are applied to updates in these types of packages. And while it would be nice if the billion-dollar companies that rely on certain packages would provide financial support for the open source projects they use, the question remains of how we should handle it when those corporations don't. Do we front it ourselves, or just live with the knowledge that our security posture isn't optimized for safety, because nobody will pay for that improvement?