
Very cool


Posted Aug 6, 2024 3:02 UTC (Tue) by NYKevin (subscriber, #129325)
In reply to: Very cool by Phantom_Hoover
Parent article: Pulling Linux up by its bootstraps

As I explained upthread,[1] the original attack is, was, and has always been a fantasy, and so it is logical to conclude that Thompson was not speaking literally. I think it is plausible to read Thompson as anticipating the general(!) category of attack which includes the xz backdoor. I would summarize this interpretation of Thompson as "supply chain attacks don't have to be visible in source code to be effective."

[1]: https://lwn.net/Articles/984430/



Very cool

Posted Aug 6, 2024 8:54 UTC (Tue) by chris_se (subscriber, #99706)

> I would summarize this interpretation of Thompson as "supply chain attacks don't have to be visible in source code to be effective."

Regardless of whether Thompson himself meant it like that or not, I really like your summary. It's catchy enough that one could make a t-shirt out of it. :-)


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds