[Toybox] Microsoft github took down the xz repo.
Rob Landley
rob at landley.net
Sat Mar 30 14:06:37 PDT 2024
On 3/30/24 15:16, Oliver Webb wrote:
> On Saturday, March 30th, 2024 at 15:06, Rob Landley <rob at landley.net> wrote:
>> FYI, Microsoft Github disabled the xz repository because it became
>> "controversial" (I.E. there was an exploit in the news).
>>
>> https://social.coop/@eb/112182149429056593
>>
>> https://github.com/tukaani-project/xz
>
> They couldn't have removed commit access for the trojan horse and got on with their lives?
Mastodon's been talking about this at length all day:
https://mstdn.social/@rysiek/112184610302366603
https://hachyderm.io/@dalias/112182128889536710
https://cyberplace.social/@GossiTheDog/112184645230558304
https://social.secret-wg.org/@julf/112184194797977290
https://mastodon.social/@richlv/112180479433832095
And a lot of things the discussion was linking to went away. Oh well...
>> I'm assuming if toybox ever has a significant bug, microsoft would respond by
>> deleting the toybox repository. There's a reason that I have
>> https://landley.net/toybox/git on my website, and my send.sh script pushes to
>> that before pushing to microsoft github.
>
> As much as it doesn't matter, I've wondered what git web frontend you use, The html source for
> the massive table of commits doesn't give a copyright notice.
https://github.com/landley/toybox/blob/master/scripts/git-static-index.sh
https://landley.net/notes-2022.html#22-12-2022
> Do you just have a script make
> a table out of "git log"? Furthermore, have you considered using cgit or gitea or another
> fancier git frontend for your own site?
I engaged with cgit at one point and found it overcomplicated and unpleasant.
I set up gitea for Jeff on a j-core internal server, and it was fine except it
used a BUNCH of memory and cpu for very vew users. Running cgi on dreamhost's
servers is a bother at the best of times (I don't want to worry about exploits),
and the available memory/CPU there is wind-up toy levels.
My website is a bunch of static pages rsynced into place, some of which use
xbithack to enable a crude #include syntax, and that's about what the server can
handle.
> There is also the issue of you not being able to push commits to the github repo because
> github is forcing everyone to use 2FA.
I haven't been hit by that yet for some reason. I push from the command line
anyway (which is basically ssh), so if I lost website access I could presumably
still update the README to let people know where to go.
Rob
More information about the Toybox
mailing list