Tim Bray on Nostr: I think the #xz incident is teaching us that our infrastructure is dangerously ...
I think the #xz incident is teaching us that our infrastructure is dangerously fragile in the face of well-organized/funded attackers. The response isn’t “try harder” or “donate to your OSS project”, it needs to be institutional, professional, and at scale.
So, here’s my proposal, called “OSQI”, aimed at starting a how-to discussion:
https://www.tbray.org/ongoing/When/202x/2024/04/01/OSQIPublished at
2024-04-02 22:37:47Event JSON
{
"id": "62b81d62c2c2c61c212131afcb0fb36363525f6fbb236c7c5e9df03ae99df943",
"pubkey": "973c779cb5e72ff0b6f0f47f8e86aee1face1c21b80ae0d9bc50968aa717e4b8",
"created_at": 1712090267,
"kind": 1,
"tags": [
[
"t",
"xz"
],
[
"proxy",
"https://cosocial.ca/users/timbray/statuses/112203547801373427",
"activitypub"
]
],
"content": "I think the #xz incident is teaching us that our infrastructure is dangerously fragile in the face of well-organized/funded attackers. The response isn’t “try harder” or “donate to your OSS project”, it needs to be institutional, professional, and at scale. \n\nSo, here’s my proposal, called “OSQI”, aimed at starting a how-to discussion: https://www.tbray.org/ongoing/When/202x/2024/04/01/OSQI",
"sig": "9645303c5b8d365b0675a8bef3af74bd2eaf559205f39913201155a379450af4a7e524b6919aedeff12f6dcb9170df85dc8771f8ebc4a663060ab13ade3aba1e"
}