this post was submitted on 30 Mar 2024
331 points (98.5% liked)

Linux

48378 readers
964 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

They haven't particularly made a comment on the situation so much as acknowledged it's happening. They seem to be going with the story that they had nothing to do with it and this is news to them. Hope to hear more from them soon so we can find out more about the situation, how and why this happened, etc.

(The sceptical tone isn't because of disbelief of Collin, it's because we don't know enough about the situation to be able to say Collin is or isn't telling the truth here.)

you are viewing a single comment's thread
view the rest of the comments
[–] eveninghere@beehaw.org 2 points 8 months ago (19 children)

I am starting to believe that we shouldn't rely on this type of labor product in the first place. Something as critical as OpenSSH should be (and possibly is) funded by the users and also NOT use third party libs because it's dangerous, as this incidence showed. FOSS is free not as in beer.

[–] digdilem@lemmy.ml 4 points 8 months ago (5 children)

Good luck with that.

Commercial and closed source software is no safer, and may even be using the same foss third-party libs under the hood that you're trying to avoid. Just because foss licences generally require you to disclose you're using them, it doesn't mean that's what actually happens.

And even if, by some miracle, they have a unique codebase - how secure is that? Even if an attacker can't reach the source, they can still locate exploits and develop successful attacks against it.

At its core, all software relies upon trust. I don't know the answer to this, and we'll be here again soon enough.

[–] eveninghere@beehaw.org 2 points 8 months ago* (last edited 8 months ago) (4 children)

I'm not saying that they should go closed source.

Your part on using foss third-party libs also makes no sense because my theoretical assumption is that they're not used.

Your argument bent my logic for the sake of making it weaker. Please counter my argument without altering it, and I indeed admit it's imperfect. But this particular lineage of comments is not constructive at all.

[–] BCsven@lemmy.ca 1 points 8 months ago* (last edited 8 months ago)

A side note. Proprietary closed source software totally uses opensource components. They may or may not disclose it, and they have to offer up what they used, however they are often making the disclosure a fine print item. We support a large proprietary software, we see the memos come through about what bug fixes or opensource library has an issue or vulner. The customers can aign up for this also, but I bet 99% of them don't sign up. And if they were polled on if the software if it was open/closed I'm sure they would say closed only

load more comments (3 replies)
load more comments (3 replies)
load more comments (16 replies)