It is fixable. Model requires proof that you are a legitimate developer of that piece of software....

dist-epoch • today at 11:37 AM • 5 replies • view on HN

It is fixable.

Model requires proof that you are a legitimate developer of that piece of software.

Every Anthropic/OpenAI account will have a list of projects the model is allowed to work on for security issues.

Replies

https://en.wikipedia.org/wiki/XZ_Utils_backdoor

> A subsequent investigation found that the campaign to insert the backdoor into the XZ Utils project was a culmination of over two years of effort, starting in 2021, by a user going by the name "Jia Tan". They used sock puppetry in a pressure campaign against the original maintainer of XZ Utils, eventually being given maintainer permissions on the project.

➕ show 2 replies

cogman10 • today at 12:03 PM

Ok, and how is that determined? How does anthropic know my "kernel" project isn't a personal toy and not the Linux kernel? How does anthropic determine I'm a legitimate kernel hacker? What proof do I give them and how does it tie back to my email? What would the steps be to create a new project? Do I need to send anthropic a list of my team members each time and keep them updated as the company changes? Shall I be giving them access to our company's active directory?

➕ show 3 replies

ReptileMan • today at 12:01 PM

Everyone is legitimate developer on open source software...

_davide_ • today at 11:40 AM

Sounds like a good solution my Führer

animitronix • today at 4:09 PM

lol worst idea ever

alt Hacker News

Replies