this post was submitted on 29 Mar 2024
173 points (98.3% liked)

Selfhosted

[–] tal@lemmy.today 39 points 8 months ago* (last edited 8 months ago) (2 children)

Man, there is a lot of concerning stuff there.

In particular, one person commented that the original xz maintainer was possibly subjected to a pressure campaign to hand over maintainership.

Another interesting data point: about 2 years ago there was a clear pressure campaign to name a new maintainer:

https://www.mail-archive.com/xz-devel@tukaani.org/msg00566.html

At the time I thought it was just rude, but maybe this is when it all started.

I don't know how many open-source project maintainers would be on guard for something that subtle, people coordinating to take over maintainership of a project.

I mean, xz isn't normally something you'd immediately think of as security-critical. I doubt that a maintainer knows or thinks about all the potential downstream dependencies (in this case, not even a standard sshd dependency, but one that came up because of a patch that Debian used to add some systemd functionality).

EDIT:

I mean, xz isn't normally something you'd immediately think of as security-critical.

On second thought, it actually is, given that Debian packages are xz-compressed.
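The dependency chain the comment describes (sshd linking, via Debian's systemd-notification patch, to libsystemd, which in turn pulls in liblzma) is exactly the kind of indirect relationship that an operator or maintainer can enumerate rather than guess at. The following Python script is an added example, not code from this thread or from any of the projects mentioned: it parses the `(NEEDED)` lines that `readelf -d` prints for an ELF object, builds a dependency graph, and reports every path from a root binary to a library of interest. The `readelf` text it works on is a constructed sample that mimics such a build; it was not captured from a real system.

```python
"""Added example: enumerate transitive shared-library dependencies.

Parses the (NEEDED) entries from `readelf -d <file>` output for each ELF
object, builds a dependency graph, and reports every path from a root
binary to a library of interest. The sample data below is constructed to
resemble an sshd linked against libsystemd (which pulls in liblzma); it is
not output captured from a real machine.
"""
import re
from typing import Dict, List, Set

# Matches lines such as:
#  0x0000000000000001 (NEEDED)             Shared library: [libsystemd.so.0]
NEEDED_RE = re.compile(r"\(NEEDED\)\s+Shared library: \[([^\]]+)\]")

# Constructed sample of `readelf -d` output per object, keyed by object name.
SAMPLE_READELF: Dict[str, str] = {
    "sshd": """
Dynamic section at offset 0xd8b70 contains 30 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libcrypto.so.3]
 0x0000000000000001 (NEEDED)             Shared library: [libsystemd.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000c (INIT)               0x1a000
""",
    "libsystemd.so.0": """
 0x0000000000000001 (NEEDED)             Shared library: [liblzma.so.5]
 0x0000000000000001 (NEEDED)             Shared library: [libzstd.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
""",
    "libcrypto.so.3": " 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]\n",
    "liblzma.so.5": " 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]\n",
    "libzstd.so.1": " 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]\n",
    "libc.so.6": " 0x000000000000000e (SONAME)             Library soname: [libc.so.6]\n",
}


def parse_needed(readelf_output: str) -> List[str]:
    """Return the DT_NEEDED library names in the order the linker lists them."""
    return NEEDED_RE.findall(readelf_output)


def build_graph(outputs: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each object name to its direct (first-level) dependencies."""
    return {name: parse_needed(text) for name, text in outputs.items()}


def find_paths(graph: Dict[str, List[str]], root: str, target: str) -> List[List[str]]:
    """Return every dependency path root -> ... -> target (DFS, cycle-safe)."""
    paths: List[List[str]] = []

    def walk(node: str, path: List[str]) -> None:
        if node == target:
            paths.append(path)
            return
        for dep in graph.get(node, []):
            if dep not in path:  # guard against circular NEEDED entries
                walk(dep, path + [dep])

    walk(root, [root])
    return paths


def transitive_closure(graph: Dict[str, List[str]], root: str) -> Set[str]:
    """Every library reachable from root, direct or indirect."""
    seen: Set[str] = set()
    stack = [root]
    while stack:
        node = stack.pop()
        for dep in graph.get(node, []):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen


if __name__ == "__main__":
    graph = build_graph(SAMPLE_READELF)
    print("transitive dependencies of sshd:", sorted(transitive_closure(graph, "sshd")))
    for path in find_paths(graph, "sshd", "liblzma.so.5"):
        print(" -> ".join(path))
```

On a live system the same functions work on real data: run `readelf -d` against the binary and against each library it names (resolving names to files with `ldd` or `ldconfig -p`), collect the text per object, and pass that dictionary to `build_graph`. The point of `find_paths` over a flat `ldd` listing is that it shows the route by which a library arrived, which is what tells you that a dependency is present only because of a downstream patch rather than by the upstream project's choice.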

[–] Moonrise2473@feddit.it 6 points 8 months ago

Wow

And for a state-sponsored attacker it is cheaper to bribe (or threaten to kill, even cheaper) the single developer to add a backdoor than to do all the research to find a zero-day.
