The more-important and more-widely-used open source software is, the more appealing supply-chain attacks against it are.
The world where it doesn’t happen is one where open source doesn’t become successful.
I expect that we’ll find ways to mitigate stuff like this. Run a lot more software in isolation, have automated checking stuff, make more use of developer reputation, have automated code analysis, have better ways to monitor system changes, have some kind of “trust metric” on packages.
Go back to the 1990s, and most everything I sent online was unencrypted. In 2024, most traffic I send is encrypted. I imagine that changes can be made here too.
Why can’t we have nice things instead.
I mean, this kind of stuff was going to happen.
The more-important and more-widely-used open source software is, the more appealing supply-chain attacks against it are.
The world where it doesn’t happen is one where open source doesn’t become successful.
I expect that we’ll find ways to mitigate stuff like this. Run a lot more software in isolation, have automated checking stuff, make more use of developer reputation, have automated code analysis, have better ways to monitor system changes, have some kind of “trust metric” on packages.
Go back to the 1990s, and most everything I sent online was unencrypted. In 2024, most traffic I send is encrypted. I imagine that changes can be made here too.
I believe you. There is no AI ever made that could have as bad a grammar as you. ;)
Because people have forgotten that bad actors exist.