this post was submitted on 07 Apr 2024
20 points (83.3% liked)

Cybersecurity
[–] [email protected] 11 points 5 months ago (1 children)

Supporting projects - either with money or helping with code review in a transparent way.

The xz maintainer was burned out, bullied for being negligent (likely by the attackers), had personal mental health issues and became the first victim of this backdoor long before the code was merged.

[–] [email protected] 5 points 5 months ago (1 children)

Ideally, developers on projects like xz would band together. Projects like that rarely see much development, but when they do, it's a lot all at once. So devs being able to move between a handful of projects would lighten the load on everyone.

So if you maintain a FOSS project, consider helping out with others related to your project (e.g. dependencies), and consider reaching out to devs of those projects for help on yours as well. It would be awesome to have a few pockets of dev coalitions so devs feel more comfortable taking a step back.

[–] [email protected] 3 points 5 months ago

That's a very good idea. Support your dependencies' maintainers, people.