SamuelAdams 5 days ago

This study seems flawed. It references the Xz backdoor, but then talks about malware in Linux distribution packages?

It would make more sense to study and interview package management systems like PyPy and NuGet instead.

worksonmine 4 days ago

How is it flawed? If the intent is to investigate Linux packages, aren't the repositories of Linux distributions the best place to study?

Debian, for example, packages PyPI packages, and the maintainer could introduce a backdoor in the version provided by Debian. Only focusing on PyPI wouldn't catch that case.

SV_BubbleTime 5 days ago

Would an XZ hack have not worked on a Linux machine? (It would have)

Are researching PyPy and Pip and NuGet and VSCode Extensions and AI pickle models all exclusive?