Moving the goalposts and splitting hairs. The fact remains the open source model allowed an imaginary person, operating on behalf of a threat actor, to obtain privileged commit access to a widely used open source project without any vetting whatsoever. Let me repeat that. They were given control of the repo without even verifying this person exists. To do this at a commercial company you actually have to show up and interview, which is an order of magnitude more difficult than creating an anonymous Gmail account and being given the keys to the kingdom.
You are the one who moved the goalpost here. Vanilla OpenSSH doesn't link against xz, period. Not even the portable versions as LibreSSL does for OpenSSL.

If distros randomly patch OpenSSH because of systemd, it's their problem.