[kwlug-disc] Fw: Backdoor found in widely used Linux utility

Chris Frey cdfrey at foursquare.net
Mon Apr 1 14:20:55 EDT 2024


On Mon, Apr 01, 2024 at 05:48:24PM +0000, Mikalai Birukou wrote:
> More specifically, we need a sign at a lower height saying "You 
> should be this short and still capable of reading your code, before it gets 
> merged." This doesn't mean, though, that "I love you" should be spelled 
> out in a hundred pages -- coding is art, but it isn't human poetry.
> 
> Maybe, if a particular cleverness level is hit, one must have tests and 
> user stories for that little function that runs in a build pipeline. 
> Allow cleverness, but make the clever guy put all sorts of fences around 
> it. Maybe.

Raging against cleverness won't fix it, in my opinion.  From what
I can tell, this guy had commit privileges and didn't need anyone else
to review his code before it got merged.  He was trusted.

Also, some of the code I've seen was not clever at all... it was
verbose nonsense that needed a for loop to simplify.

We need more reviewers.  At the upstream level, yes, but also at the
distro level.  The people who package the code should review the
changes between each version, and understand every change.

- Chris



