Unpopular opinion: The UMN security researchers that executed a successful supply chain attack on the kernel did a public service.
Can state actors get away with this too? Did they already?
We need serious reform in open source code review.
@nob0dy I committed anonymously to the kernel. If someone coerced me I could do it again, only this time I could be asked to slip in something extra.
How will they catch me? Clearly the review process is not sufficient.
The security researchers proved a point very successfully.