sonofearth@lemmy.world to Selfhosted@lemmy.worldEnglish · edit-22 days agoPromised myself I will support them after they go stable. They kept their promise and so did Ilemmy.worldimagemessage-square159fedilinkarrow-up1729file-text
arrow-up1729imagePromised myself I will support them after they go stable. They kept their promise and so did Ilemmy.worldsonofearth@lemmy.world to Selfhosted@lemmy.worldEnglish · edit-22 days agomessage-square159fedilinkfile-text
One of the best pieces of self-hosted software ever to exist. Edit: This is Immich! for the folks who don’t know.
minus-squareSeefoo@lemmy.worldlinkfedilinkEnglisharrow-up8·1 day agoSure supply chain attacks are a thing, but containers aren’t the issue. Any package delivery mechanism can suffer from it. Its up to you to verify those containers and/or build it yourself
minus-squarefrongt@lemmy.ziplinkfedilinkEnglisharrow-up3·1 day agoYup. Whoever backdoored xz was very close to getting it into production. The only reason they got caught was a slight performance regression and an inquisitive and dedicated developer. https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/ Some years ago, a backdoor made it into Gentoo. https://www.zdnet.com/article/linux-infection-proves-windows-malware-monopoly-is-over-gentoo-ships-backdoor-updated/
Sure supply chain attacks are a thing, but containers aren’t the issue. Any package delivery mechanism can suffer from it. Its up to you to verify those containers and/or build it yourself
Yup. Whoever backdoored xz was very close to getting it into production. The only reason they got caught was a slight performance regression and an inquisitive and dedicated developer. https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/
Some years ago, a backdoor made it into Gentoo. https://www.zdnet.com/article/linux-infection-proves-windows-malware-monopoly-is-over-gentoo-ships-backdoor-updated/