Tux Machines
Posted by Roy Schestowitz on Apr 13, 2023
> The Python Software Foundation (PSF) is concerned that proposed EU cybersecurity laws will leave open source organizations and individuals unfairly liable for distributing incorrect code.
> "If the proposed law is enforced as currently written, the authors of open-source components might bear legal and financial responsibility for the way their components are applied in someone else's commercial product," the PSF said in a statement shared on Tuesday by executive director Deb Nicholson.
> Go 1.20.2 fixed a small vulnerability in the crypto/elliptic package. The impact was minor, to the point that I don’t think any application was impacted, but the issue was interesting to look at as a near-miss, and to learn from.
> Fundamentally, a scalar multiplication function was returning the wrong value for a very specific input because of a combination of the pre-existing complexity and unsafety of some optimized assembly, of undocumented assumptions, and of the neverending state of flux of open source code.
> Let’s start from some necessary building blocks, look at how the vulnerability happened, and talk about what we can learn from it.
> Somewhere in here, I’ll also be doing a reading. That isn’t scheduled yet, but I’m told it’s happening. Check the final schedule when you show up.
> Mobile Version: https://f-droid.org/packages/org.afrikalan.tuxmath/ Desktop Version: also if the user has been using RSS reader apps, the user probably knows that StarShip fully-stacked maiden flight is said to be this week 😀 and: it might very well be GNU Linux powered!