ting0 4 hours ago

https://boehs.org/node/everything-i-know-about-the-xz-backdo...

This is the scariest part to me:

> A pull request (https://github.com/jamespfennell/xz/pull/2) to a go library by a 1Password employee is opened asking to upgrade the library to the vulnerable version
2OEH8eoCRo0 2 hours ago

People are always trying to bump versions because it's (usually) an easy contribution.