I think the #xz incident is teaching us that our infrastructure is dangerously fragile in the face of well-organized/funded attackers. The response isn’t “try harder” or “donate to your OSS project”, it needs to be institutional, professional, and at scale.
So, here’s my proposal, called “OSQI”, aimed at starting a how-to discussion: https://www.tbray.org/ongoing/When/202x/2024/04/01/OSQI
Tim Bray /
npub1ju…3ue59
2024-04-02 22:37:47
Author Public Key
npub1ju780894uuhlpdhs73lcap4wu8avu8pphq9wpkdu2ztg4fchujuqy3ue59Published at
2024-04-02 22:37:47Event JSON
{
"id": "62b81d62c2c2c61c212131afcb0fb36363525f6fbb236c7c5e9df03ae99df943",
"pubkey": "973c779cb5e72ff0b6f0f47f8e86aee1face1c21b80ae0d9bc50968aa717e4b8",
"created_at": 1712090267,
"kind": 1,
"tags": [
[
"t",
"xz"
],
[
"proxy",
"https://cosocial.ca/users/timbray/statuses/112203547801373427",
"activitypub"
]
],
"content": "I think the #xz incident is teaching us that our infrastructure is dangerously fragile in the face of well-organized/funded attackers. The response isn’t “try harder” or “donate to your OSS project”, it needs to be institutional, professional, and at scale. \n\nSo, here’s my proposal, called “OSQI”, aimed at starting a how-to discussion: https://www.tbray.org/ongoing/When/202x/2024/04/01/OSQI",
"sig": "9645303c5b8d365b0675a8bef3af74bd2eaf559205f39913201155a379450af4a7e524b6919aedeff12f6dcb9170df85dc8771f8ebc4a663060ab13ade3aba1e"
}