Man, I wish people would get off GitHub. I wiped my account when Microsoft acquired GitHub, only to create a new one 6 months later because I wanted to submit patches to a project. The alternative is to not submit patches.
Supply-chain attacks on open source software are getting out of hand
Submitted 9 months ago by leo@lemmy.linuxuserspace.show to news@lemmy.linuxuserspace.show
0x520@slrpnk.net 9 months ago
This attack could have been easily averted: if anybody uploads code to a repo that uses some version of `rm -rf /`, it should automatically be rejected. This is basic malware detection. If they had done anything to obfuscate that functionality, we probably would be finding out about this way too late.
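One way to implement the automatic rejection the comment asks for, as an added example that is not code from this thread or from any project it mentions: a pre-receive style check that looks only at the added (`+`) lines of a patch, splits each line into simple commands, parses them with `shlex`, and flags a command only when the verb is really `rm`, its options amount to recursive plus force, and a target is the filesystem root (or its wildcard). The sample patch, the `ROOT_TARGETS` set and the prefix list (`sudo`, `env`, `exec`) are all assumptions made for the example.

```python
"""Reject pushed patches whose added lines contain a root-wiping rm invocation.

Added example, not from the thread. It catches a deliberate, unobfuscated
`rm -rf /`; anything hidden behind variables, eval, base64 or a downloaded
script is out of reach for this kind of check, exactly as the comment warns.
"""
import re
import shlex

# Separators that start a new simple command inside one shell line
# (a `|` or `;` inside quotes would also split here; acceptable for a tripwire).
COMMAND_SPLIT = re.compile(r"\|\||&&|[;|]")

# Constructed list of targets that mean "the whole filesystem".
ROOT_TARGETS = {"/", "//", "/*", "/.", "/**"}

# Constructed wrappers that do not change which program actually runs.
TRANSPARENT_PREFIXES = ("sudo", "env", "exec")

# Constructed sample patch; only the '+' lines are inspected.
SAMPLE_PATCH = """\
+#!/bin/sh
+echo "cleaning build dir"
+rm -rf ./build
+rm -rf /
+rm  -fr   /*
+rm --recursive --force "/"
+rm -rf "$HOME"
+echo rm -rf / is bad
+sudo /bin/rm -Rf //
+cd /tmp && rm -rf /
"""


def _has_recursive_and_force(flags):
    """True if the option tokens amount to recursive + force (-rf, -fr, -R -f, long forms)."""
    recursive = force = False
    for f in flags:
        if f.startswith("--"):
            recursive |= f == "--recursive"
            force |= f == "--force"
        elif f.startswith("-") and len(f) > 1:
            recursive |= any(c in "rR" for c in f[1:])
            force |= "f" in f[1:]
    return recursive and force


def is_root_wipe(command):
    """Return True if one simple shell command is some spelling of `rm -rf /`."""
    try:
        tokens = shlex.split(command, comments=True)
    except ValueError:  # unbalanced quotes: unparseable, leave it to a human reviewer
        return False
    while tokens and tokens[0] in TRANSPARENT_PREFIXES:
        tokens = tokens[1:]
    # Compare the basename so /bin/rm and rm are treated alike.
    if not tokens or tokens[0].rsplit("/", 1)[-1] != "rm":
        return False
    flags = [t for t in tokens[1:] if t.startswith("-")]
    targets = [t for t in tokens[1:] if not t.startswith("-")]
    return _has_recursive_and_force(flags) and any(t in ROOT_TARGETS for t in targets)


def scan_patch(patch_text):
    """Return (line_number, line_body) for every added line holding a root wipe."""
    hits = []
    for lineno, line in enumerate(patch_text.splitlines(), 1):
        if not line.startswith("+") or line.startswith("+++"):  # skip context and file headers
            continue
        body = line[1:]
        for cmd in COMMAND_SPLIT.split(body):
            if is_root_wipe(cmd.strip()):
                hits.append((lineno, body))
                break
    return hits


def should_reject(patch_text):
    """Hook-style verdict: True means the push is refused."""
    return bool(scan_patch(patch_text))


if __name__ == "__main__":
    for lineno, body in scan_patch(SAMPLE_PATCH):
        print(f"rejected: added line {lineno}: {body}")
```

Parsing the command rather than grepping for the string avoids flagging `echo rm -rf / is bad` while still catching `rm  -fr   /*`, `--recursive --force "/"` and `sudo /bin/rm -Rf //`. Two caveats worth keeping in mind: GNU `rm` already refuses `rm -rf /` unless `--no-preserve-root` is given, but `rm -rf /*` is expanded by the shell and is not protected; and a target like `"$HOME"` cannot be resolved statically, so this is a cheap tripwire for the blatant case, not a substitute for reviewing what a patch does.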