After just having responded to the third #curl security report for the evening I noticed a post that cheered me up...
-
@bagder that dependency on a single software or even person feels problematic to me (not your fault obviously) but I'm very grateful for one of my favorite command line tools!
@winniehell does that really make sense when it is open source?
i think a single software project has potentially better quality and security compared to many with spread efforts. the challenge is to coordinate the efforts around one project and that is a social problem
of course depending on a single person is never good (bus factor)
-
@davidak I have no idea. my argument would be that zero-days don't appear in completely different pieces of software at the same time. but on the other hand that doesn't matter if the chance for zero-days is reduced.
