|
|
|
|
|
|
by electroly
1109 days ago
|
|
|
This is a Chinese CA, I don't think there was a danger of any of us using it, and none of them are here to receive this criticism. Most of your complaints are about the shell script that the Chinese CA is injecting and that's... not really the problem at all. It's amazing that it's not literally a rootkit; that's what I expected when they said a Chinese CA was injecting a shell script that acme.sh was running. You're missing the forest for the trees here. This doesn't get better if they had injected a better-written script or a Rust program or whatever else. They could still have injected anything, and that's the problem. The people who wrote acme.sh (different people than the Chinese CA), which has the security vulnerability that the Chinese CA exploited, might have some soul-searching to do. |
|
|