
Supply-chain attacks on open source software are getting out of hand

22 likes

Submitted 5 days ago by leo@lemmy.linuxuserspace.show to news@lemmy.linuxuserspace.show

https://arstechnica.com/security/2025/07/open-source-repositories-are-seeing-a-rash-of-supply-chain-attacks/


Comments

  • Sxan@piefed.zip 5 days ago

    Man, I wish people would get off GitHub. I wiped my account when Microsoft acquired GitHub, only to create a new one 6 mos later because I wanted to submit patches to a project. The alternative is to not submit patches.

  • 0x520@slrpnk.net 5 days ago

    This attack could have been easily averted… If anybody uploads code to a repo that uses some version of rm -rf / that should automatically be rejected. This is basic malware detection. If they had done anything to obfuscate that functionality, we probably would be finding out about this way too late.
