Hello,
In light of the recent xz utils backdoor, I was wondering if FreeBSD's way of 
organizing software development could be more resistant to this kind of 
threat.
I always felt that because the base system is built and released by the same 
group of developers, its quality, consistency and security are better.
I do realize that in the case of xz, it lives under contrib/ and was not 
rewritten into a BSD-licensed alternative by FreeBSD devs, but perhaps it was 
at least scrutinized.

To summarize:

- Do you think FreeBSD-style development is more resistant to a helpful rogue 
contributor?
- If yes, which social/technical processes exactly make it more resistant?
- If not, do you think something should be changed (e.g. in the handling of 
contrib packages)?

Thanks for your thoughts,

--
Marcin Koziej
GPG key: https://go.cahoots.pl/gpg/ Ϟ Fediverse: https://chaos.social/@movonw
