Hacker News

ceejayoz, today at 11:39 AM (2 replies)

https://en.wikipedia.org/wiki/XZ_Utils_backdoor

> A subsequent investigation found that the campaign to insert the backdoor into the XZ Utils project was a culmination of over two years of effort, starting in 2021, by a user going by the name "Jia Tan". They used sock puppetry in a pressure campaign against the original maintainer of XZ Utils, eventually being given maintainer permissions on the project.


Replies

brookst, today at 11:48 AM

Can we retire the “seatbelts are useless because they can’t prevent every loss of life” approach to risk mitigation please?

If the acceptance criterion is “would prevent every single past instance and every imaginable future instance”, then yes, no mitigation is ever sufficient to address any problem in the world, so we might as well give up.

But I don’t think that’s the right lens to use.

dist-epoch, today at 11:40 AM

Sure. How many cases like these have we had so far? 1, 2? And how long did they work to get commit access?
