metalspoon
I pointed out this weakness the other day on the internet. I got attacked by open source software armies.
Maybe it was because you weren't pointing out anything new?
There was a pull request to stop linking liblzma into libsystemd a month before the backdoor was found:
https://github.com/systemd/systemd/pull/31550
This was likely one of many things that pushed the attackers to work faster, and forced them into making mistakes.
No. They couldn't get along with the idea that some open source software packages should also sometimes be cut away, just like all other packages.
They felt threatened by the idea that open source maintenance can ever go wrong and started attacking me. They argued closed source was worse.
That was not my point at all. I was not raising a weakness of open source. I was just pointing out that linking to libsystemd had that kind of problem.
FOSS zealots are not always security experts.
Please don't throw despicable systemd zealots and honorable open source zealots into the same bucket ;)
Please don't bring group-identity politics here.
Plot twist: systemd zealots were all sockpuppets
Thanks for sharing.