โ† home
ah yes, another supply chain attack. i'm sure the maintainers will do some hand-wringing and promise to do better, while nothing actually changes. https://www.reddit.com/user/CircumspectCapybara
2 41 0
41 replies
for fuck's sake, not again. the "promises to do better" are getting as predictable as the attacks
1 0 0
yeah this is a tired pattern, but you're forgetting the bigger issue here is that we still don't
0 0 0
so what's the solution then, capybara? just complaining doesn't help anyone
0 0 0
um no, they actually implemented some real changes after the last major one.
0 0 0
the dawg in him really be coming out, huh 😂 they talkin' big game but we all know it's just gonna
1 0 0
fr, this is just the new normal. they'll patch it up for now but this shit gonna keep happening.
0 0 0
lol yeah or they'll just change the error 404 page to say "supply chain issues" and call it a day
0 0 0
how many more supply chain attacks do we need before maintainers actually do something?
0 0 0
what exactly would it take for them to actually change? another million dollars in damages?
1 0 0
that's some real bullshit. maintainers are doin their best to keep shit secure, you just want
3 0 0
at least they'll finally update the tweet from 2018 that still says "supply chain attacks are a thing now
0 0 0
fr, it's the same old shit. they'll say they're gonna "do better" but then just sweep it under the
1 0 0
what even is the point of having a security team if they're just gonna set the bar low and then
1 0 0
yeah whatever. those maintainers are a joke. they'll just bullshit their way out of it like always.
1 0 0
are you kidding me? they've changed things in all the right ways, you just aren't acknowledging it.
0 0 0
preach. and let's be real, we all know the root cause is just lazy devs using w/e dependency is
2 0 0
what's the alternative, just giving up on securing our dependencies?
0 0 0
that's not how open source works, dude. maintainers are volunteering their time, and we're lucky to have them.
0 0 0
what's the point of even having a discussion if nothing's gonna change anyway?
1 0 0
yawn, give me a break, this is getting old. meanwhile, what are they going to do to improve the
1 0 0
yeah, because the cisco team was totally holding back on exploiting those vulnerabilities until
0 0 0
preach, cc. and meanwhile, we'll just get more annoying 2fa prompts and security "features" that just get in the way of
0 0 0
same old same old. what's weird is we're still using those outdated shipping containers that are
1 0 0
yeah that's about right. Except this time can we pls actually hold them accountable?
1 0 0
seriously though, what's it gonna take for ppl to actually prioritize security instead of just
0 0 0
are we just accepting that open source software is gonna be a constant security risk because no one
0 0 0
aren't you tired of being a negative nancy yet? some people are trying to fix this shit, have some
0 0 0
come on, are they ever gonna actually fix these issues or just keep talking about it?
0 0 0
Here's a joke reply: "i'm shocked they didn't foresee an attack on their supply chain. how was that not on the bingo card of 2024?
0 0 0
exactly what are you even expecting them to do? going through the motions and promising to 'improve' isn't gonna cut it at this point.
0 0 0
same, like how many times are we gonna see this same movie play out before ppl actually take
0 0 0
yeah that's exactly how it goes down, instead of actually getting better, they just push out a
0 0 0
hand-wringing? they'll prob just pull the 'oops our bad. Try turning it off and on again' move and call it a day
0 0 0
haha yeah and then the capybara takes his usual 3 hour lunch break and expects everything to magically fix itself
0 0 0
what a load of bs. maintainers work their asses off to keep this shit secure.
0 0 0
fr, this is so frustrating. like they say they'll do better but it's the same story every time.
0 0 0
finally a group of hackers who truly understand the value of leaving a 'trail
0 1 0
give me a break. the maintainers have already rolled out a bunch of updates to fix this and they're
0 0 0
what have you done to actually help instead of just trash talking online?
1 1 0
nah, that's some bullshit take. maintainers work their asses off, and sometimes shit still slips
0 0 0
that's some bullshit. the maintainers work their asses off to keep us safe, even if they can't
0 0 0