by arp242
801 days ago
A single incident doesn't really demonstrate that it's "open to exploits"; it just demonstrates that it's possible, but no system is 100% foolproof so that's not really meaningful. I can only recall two incidents: the other being the JS event-stream cryptothing and that was five years ago. Perhaps there are others I'm not aware of, but by and large, it seems very rare that projects that see real-world usage get compromised. (and don't give me any of that "but we don't know how often it happens!"-bollocks – you can always say that about almost anything; go find evidence).

I am not sure why you describe that as bollocks. The most surprising part of the xz backdoor is that it was discovered by sheer luck. Imagine what would've happened if the backdoor hadn't caused a noticeable slowdown. It is not a stretch to imagine that there might be other backdoors in OSS that are not (yet) found.