On 3/30/24 15:16, Oliver Webb wrote: > On Saturday, March 30th, 2024 at 15:06, Rob Landley <r...@landley.net> wrote: >> FYI, Microsoft Github disabled the xz repository because it became >> "controversial" (I.E. there was an exploit in the news). >> >> https://social.coop/@eb/112182149429056593 >> >> https://github.com/tukaani-project/xz > > They couldn't have removed commit access for the trojan horse and got on with > their lives?
Mastodon's been talking about this at length all day: https://mstdn.social/@rysiek/112184610302366603 https://hachyderm.io/@dalias/112182128889536710 https://cyberplace.social/@GossiTheDog/112184645230558304 https://social.secret-wg.org/@julf/112184194797977290 https://mastodon.social/@richlv/112180479433832095 And a lot of things the discussion was linking to went away. Oh well... >> I'm assuming if toybox ever has a significant bug, microsoft would respond by >> deleting the toybox repository. There's a reason that I have >> https://landley.net/toybox/git on my website, and my send.sh script pushes to >> that before pushing to microsoft github. > > As much as it doesn't matter, I've wondered what git web frontend you use, > The html source for > the massive table of commits doesn't give a copyright notice. https://github.com/landley/toybox/blob/master/scripts/git-static-index.sh https://landley.net/notes-2022.html#22-12-2022 > Do you just have a script make > a table out of "git log"? Furthermore, have you considered using cgit or > gitea or another > fancier git frontend for your own site? I engaged with cgit at one point and found it overcomplicated and unpleasant. I set up gitea for Jeff on a j-core internal server, and it was fine except it used a BUNCH of memory and cpu for very vew users. Running cgi on dreamhost's servers is a bother at the best of times (I don't want to worry about exploits), and the available memory/CPU there is wind-up toy levels. My website is a bunch of static pages rsynced into place, some of which use xbithack to enable a crude #include syntax, and that's about what the server can handle. > There is also the issue of you not being able to push commits to the github > repo because > github is forcing everyone to use 2FA. I haven't been hit by that yet for some reason. I push from the command line anyway (which is basically ssh), so if I lost website access I could presumably still update the README to let people know where to go. Rob _______________________________________________ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net