• tal@lemmy.today
      link
      fedilink
      English
      arrow-up
      20
      ·
      edit-2
      5 hours ago

      I mean, this kind of stuff was going to happen.

      The more-important and more-widely-used open source software is, the more appealing supply-chain attacks against it are.

      The world where it doesn’t happen is one where open source doesn’t become successful.

      I expect that we’ll find ways to mitigate stuff like this. Run a lot more software in isolation, have automated checking stuff, make more use of developer reputation, have automated code analysis, have better ways to monitor system changes, have some kind of “trust metric” on packages.

      Go back to the 1990s, and most everything I sent online was unencrypted. In 2024, most traffic I send is encrypted. I imagine that changes can be made here too.