Ask HN: What can we do as a community to prevent XZ-like attacks in future?

by kjok on 4/1/2024, 9:46 PM with 3 comments
  • by lulznews on 4/2/2024, 4:59 AM

    The companies making billions (trillions?) off this stuff could actually fund it and stop relying on exploiting naive code monkeys.

  • by SeriousM on 4/1/2024, 10:39 PM

    - Enforcement of blob-generating code to be committed too and a test to check if someone has tampered with the blobs. Or generate test-blobs just before execution. In short: habe everything readable. - Once a project is referenced just over a reasonable threshold the maintainer should be checked and may transfer the ownership if the new maintainer is verified too.

  • by talldayo on 4/1/2024, 10:01 PM

    Read pull requests

  • by on 4/1/2024, 10:45 PM

    undefined