[kwlug-disc] Fw: Backdoor found in widely used Linux utility
William Park
opengeometry at yahoo.ca
Tue Apr 2 11:03:15 EDT 2024
> We need more reviewers.
This means money. Really, how many of us pay for our distros and
packages?
On 2024-04-01 14:20, Chris Frey wrote:
> On Mon, Apr 01, 2024 at 05:48:24PM +0000, Mikalai Birukou wrote:
>> More specifically, we need a sign at a lower height saying "I
>> should be this short and still capable of reading your code, before it gets
>> merged." This doesn't mean, though, that "I love you" should be spelled
>> out in a hundred pages -- coding is art, but it isn't human poetry.
>>
>> Maybe, if a particular cleverness level is hit, one must have tests and
>> user stories for that little function that run in a build pipeline.
>> Allow cleverness, but make the clever guy put all sorts of fences around
>> it. Maybe.
>
> Raging against cleverness won't fix it, in my opinion. From what
> I can tell, this guy had commit privileges and didn't need anyone else
> to review his code before it got merged. He was trusted.
>
> Also, some of the code I've seen was not clever at all... it was
> verbose nonsense that needed a for loop to simplify.
>
> We need more reviewers. At the upstream level, yes, but also at the
> distro level. The people who package the code should review the
> changes between each version, and understand every change.
>
> - Chris