Comments by "George Albany" (@Spartan322) on "Don't get cocky: CrowdStrike can happen to Linux u0026 Mac too" video.

  1. To be fair, had there been a malicious actor in a closed-source version of XZ, the exploit would never have been discovered. Some people like to claim private companies audit their code better, but oftentimes they're simply worse, if not equal, to open source at it. The only valid concern with open source that would be uncommon with closed source is the potential for a high-value, sparsely-considered piece of software to have a burned-out maintainer who might accidentally let something bad pass or add a malicious actor as a contributor. However, it is because XZ was open that it was even possible for that exploit to be caught, so while the possibility of a malicious actor getting full rein over a project is higher, the number of eyes over said project, especially in dev branches, would mitigate that risk. Specifically, had XZ been released, it would only have been viable on Ubuntu before it was caught, which was why the malicious actor was attempting to get it pushed into Debian quickly, because had it followed normal Debian protocol, Ubuntu (or even perhaps Fedora) would have been the canary in the coal mine even before the Microsoft employee stumbled upon it. That would have been bad, but so long as we have diverse release schedules, catching things is merely a matter of time when it comes to dev releases. It would be better than any Windows release, where they all practically get bricked at the same time, which has happened with pieces of Windows software, so on that level Windows is actually no more secure regarding the XZ exploit.