Ask HN: What can we do as a community to prevent XZ-like attacks in future?

7 points by kjok ↗ HN

4 comments

[ 3.3 ms ] story [ 25.8 ms ] thread
- Enforcement of blob-generating code to be committed too and a test to check if someone has tampered with the blobs. Or generate test-blobs just before execution. In short: habe everything readable. - Once a project is referenced just over a reasonable threshold the maintainer should be checked and may transfer the ownership if the new maintainer is verified too.
(comment deleted)
The companies making billions (trillions?) off this stuff could actually fund it and stop relying on exploiting naive code monkeys.