If there was malicious code in a legitimate project hosted on #codeberg, would we remove access to it, including for security researchers?
Short: No!
We are considering how to prevent fetching malicious code by accident, though.
In any case, we are open to collaborating with security researchers. Interested? Help us build a malware hunting team: https://codeberg.org/Codeberg/Contributing/issues/44
Background: #GitHub locked access to source code of xz, which was background of active investigation from the community.
Codeberg.org /
npub1cu…jktrl
2024-03-31 21:21:56
Author Public Key
npub1cujzmpp2d3ldueuk2wx3mqruvyfehr64rmh245t4qs2eux83arzsdjktrlPublished at
2024-03-31 21:21:56Event JSON
{
"id": "3ba44f28627fbda5086bafd04bfae9aafb3b057d7613662896557c3745208ba1",
"pubkey": "c7242d842a6c7ede6796538d1d807c61139b8f551eeeaad17504159e18f1e8c5",
"created_at": 1711920116,
"kind": 1,
"tags": [
[
"t",
"codeberg"
],
[
"t",
"github"
],
[
"proxy",
"https://social.anoxinon.de/users/Codeberg/statuses/112192396740544157",
"activitypub"
]
],
"content": "If there was malicious code in a legitimate project hosted on #codeberg, would we remove access to it, including for security researchers?\n\nShort: No!\n\nWe are considering how to prevent fetching malicious code by accident, though.\n\nIn any case, we are open to collaborating with security researchers. Interested? Help us build a malware hunting team: https://codeberg.org/Codeberg/Contributing/issues/44\n\nBackground: #GitHub locked access to source code of xz, which was background of active investigation from the community.",
"sig": "cd55169218ca27dbcbf6f6607acda005e34c7c948bc101871c2a4cc78ee9fd33c64dc0bf2c7e716d284d33474b748710975b5d7ceea0dcb202e4909a36aedb8a"
}