[Linux-aus] How could we get society to adequately fund free software developers
Brian May
brian at linuxpenguins.xyz
Fri Apr 5 09:11:04 AEDT 2024
Brian May via luv-main <luv-main at luv.asn.au> writes:
> This story reminds me of an npm package. The maintainer passed on the
> job to a new maintainer as they were no longer interested in maintaining
> the package. The new maintainer added a dependency on another package
> which had back door code. Or something like that. Oh, think I found it:
>
> https://medium.com/intrinsic-blog/compromised-npm-package-event-stream-d47d08605502
Now another example:
https://www.securityweek.com/xz-utils-backdoor-attack-brings-another-similar-incident-to-light/
Sure, maybe this was an honest mistake, but it does seem very
suspicious.
https://social.librem.one/@eighthave/112194828562355097
https://gitlab.com/fdroid/fdroidclient/-/merge_requests/889
--
Brian May @ Linux Penguins