Comments by "Anony Mousse" (@anon_y_mousse) on "revealing the features of the XZ backdoor" video.

  1.  @AnttiBrax  I'll say it again, but banning is absolutely the wrong approach. The person being "toxic" to Lasse wasn't even the same ID that became the new maintainer. That ID was only ever nice and helpful. Whether it was multiple people or one very dedicated person is irrelevant, as is whether it was a state sponsored attack. The fact is that the ID which was used to compromise everyone was only ever nice.
    30
  2. This is why a static analysis tool, such as Valgrind, should be mandatory for every large and/or important project. Just not for every build cycle.
    14
  3.  @JMurph2015  Okay, then I'll amend my original statement by saying that use of such tools should be mandatory for big projects and the people using them should learn how to use them, as well as learn how to use more than just one tool.
    4
  4.  @JMurph2015  Linting is not the only static analysis and Valgrind can do both runtime and compile time.
    3
  5.  @paulfloyd9258  You're right. Somehow I was confusing my tools because I set up the autocmd's so long ago I forgot which I used for which. I apologize to anyone I confused with my comments and I think I might need to get tested for Alzheimer's.
    1
  6. This is why I don't update at the bleeding edge. If you wait for a proper review this kind of attack will bite you far less often. However, that said, the only way to be 100% safe is to write everything yourself, and there are maybe 10 programmers in the world who could do that, if they had the time.
    1