creator of #fediblock :verified::makemeneko:
(replying to Saagar Jha)
@saagar
> there is so many orders of magnitude more code being written than is properly reviewed that this can’t be fixed
if the focus is "core OS utilities" instead of "all code, everywhere" does this really need to be the case? it seems reasonable that security critical infrastructure might be held to a higher standard. ssh and inkscape are not remotely the same
Saagar Jha
(replying to creator of #fediblock :verified::makemeneko:)
@roboneko I think even critical infrastructure is quite large. Logging into a machine requires some sort of thing to approve that, all the dependencies it pulls in, language runtime, kernel, hypervisor, [unspeakable hardware horrors], … all to be good