Many discussions about open source dependencies and maintenance happened in the last month. Two posts caught my eye in the Rust ecosystem: Sudo-rs dependencie...
Knowing whether software is maintained. I’m not sure that that would have actually produced a different outcome.
It wouldn’t have because XZ maintainership was given to the attacker. The attacker ran an entire abuse operation using puppet accounts to manipulate the already vulnerable owner. The attacker used high-level social engineering tactics and ran a long con.