Commentary guidelines on external dependencies regarding the attack on the xz project / Splitcells™ Network

TODOS

[ ] https://blog.holz.nu/2024/03/29/0.html
[ ] https://www.danisch.de/blog/2024/04/01/die-xz-attacke/
[ ] https://research.swtch.com/xz-timeline
[ ] Remove Spring Boot dependency.
[ ] Create guidelines for dependencies.
[ ] The Open Source Software Supply Chain Isn't REAL!!
https://www.softwaremaxims.com/blog/not-a-supplier

Disclaimer no Linux expert

The attack on xz

That is the cause for this commentary.

Small vs big dependencies

Quality is a Myth

Everybody hates Systemd

Why UNO is so ineffective?

Any Real solution will be likely a badly perceived solution.

M2 repo inside git repositories

Consequences for Network Project

[ ] Custom adaptable and injectable API ar important. The absent makes dependency problems bigger.
[ ] There will not be a fix for such attacks for now, but a TODO regarding this in the dependency guidelines is required.
[ ] Limited backward compatibility

-

+

guidelines

Relevant Local Path Context

-

+

task-archive

2024-04-02-external-dependencies-commentary.html

Back to content

-

+

Impressum Licensing Front Menu Main Menu Privacy Policy User Profile Page

Messages

Activate Javascript in order to enable all functions of this site.

Metadata About This Document

Unless otherwise noted, the content of this html file is licensed under the EPL-2.0 OR GPL-2.0-or-later.

Files and other contents, which are linked to by this HTML file, have their own rulings.

Footer Functions