Back

https://boehs.org/node/everything-i-know-about-the-xz-backdoor

I have begun a post explaining this situation in a more detailed writeup. This is updating in realtime, and there is a lot still missing.

Holy shit.

@eb I really hope that this causes an industry-wide reckoning with the common practice of letting your entire goddamn product rest on the shoulders of one overworked person having a slow mental health crisis without financially or operationally supporting them whatsoever. I want everyone who has an open source dependency to read this message https://www.mail-archive.com/xz-devel@tukaani.org/msg00567.html

@eb "I never thought a sophisticated APT would backdoor *my* volunteer-maintained infrastructure that I got for free" sobs entire industry who voted for the "volunteer-maintained infrastructure that I get for free with no defense against sophisticated APTs" party

@glyph @eb please note that we are ALSO no fans of the "subsume free software into capitalism" solution that corporate and statist rhetoric has been pushing for a couple years now

@irenes @glyph @eb It's tricky to avoid the challenge that arises from the problem that (1) producing free software is work and (2) the workers live in a capitalist society and (3) the workers therefore need to pay for food and shelter.

Verily, there is no ethical consumption under capitalism.

@krans @glyph @eb sure. well, so the reason we personally call the thing we do "free software" is precisely to highlight the point that our own goal in publishing stuff without charge is very much to work towards a world without that problem, by creating something that exists as far outside it as we can manage (not all the way - obviously we have the free time to do that because of our other privileges)

@krans @glyph @eb we're very proactive-death-of-the-author about this. the FSF has failed to provide ideological leadership due to RMS's top-down style, but many of the ideals are good ones and it's the job of the current generation to renew the movement if we want our children to be able to enjoy its fruits the way we did

@krans @glyph @eb but you're right, of course, it's a valid point. we just don't think trying to coin a new term would be useful, if anything it would be a distraction from the cultural work that matters

@krans @glyph @eb we see it as important that our work be free-as-in-speech, yes, but it is also very much free as in we absolutely refuse to ever ask for or accept money for it (outside the scope of our day job)

again, yes, serious privilege on our part

@irenes @krans @glyph > as in we absolutely refuse to ever ask for or accept money for it (outside the scope of our day job)

Speak for yourself lol

@eb @krans @glyph yes, we are speaking for ourselves (just Irenes, not you). as we already clarified up-thread, in our display name, and in our bio, we are plural.

@krans @glyph @eb and we don't blame you for that! it is a real and common experience

@irenes @glyph @eb I think that loops round to my earlier point, which is that the fact it's a real and common experience creates the opportunities exploited by the xz malefactor.

Seems like we're on the same page overall.

@krans @glyph @eb yes, we think we're in agreement on all that <3