Zurück

To people looking for an archive of the XZ code, you might want to check out https://tukaani.org/xz-backdoor/ which links to https://git.tukaani.org/. GitHub is not the only source of truth, although meta information about the Pull Requests is locked in to this silo.

@bonifartius @Codeberg That's not relevant in the context of malware, it was removed for other reasons as listed in https://blog.codeberg.org/on-the-cloudflare-tor-takedown.html

@Gusted @Codeberg so hand-wavy guesstimates are enough reason for deleting repositories under the guise of "we have to because THE LAW!!1" while malware, something which is illegal to host as well isn't?

@bonifartius @Codeberg I wouldn't joke like that about the law considering why it was removed. For malware there's legitimate interest for a select group of people to have access to it and use it for research purposes. Which *going back to topic* is being asked here if that should be allowed or not and if so, how. If I understand you correctly, it shouldn't be possible to have any access to the malware just like with any other unlawful repositories on Codeberg.

@Gusted @Codeberg
the malware repository should of course be available. there is no "select group" with free software, no matter if it contains malware or not.

i'm just really not liking that codeberg now tries to do some quick advertising around this when they in other cases just delete repositories on a whim, without good reason, without process.

crimeflate was removed because of the thread of anti hate crime law alone. it was all proactively. a list of people _publicly supporting cloudflare_.

if supporting cloudflare is something so bad that appearing on a list is dangerous, they shouldn't do it. at least that's the logic when things like lists are targeting people on the wrong political side. _those_ lists are totally of course.

from what i see, these laws i shouldn't joke about _are_ the joke.

@bonifartius @Codeberg Okay thank you for the feedback on that matter. It's an interesting takeaway to see this is as advertisement as we've done this to collect feedback for when this does hit Codeberg, we see that what GIthub did is not the best way forward, hence asking what people think about the best way to handle such cases.

I am not that close with the details of the crimeflare to add or respond to what you've said.

@Gusted @Codeberg
> If there was malicious code in a legitimate project hosted on #codeberg, would we remove access to it, including for security researchers?
>
> Short: No!

this reads like written by a sales person leveraging the moment.

which in theory would be fine by me. even if i'm no fan of advertising.

i want consistency. deleting repositories because of vague legal problems maybe happening in one case and now advertising "we wouldn't delete malware" isn't, as malware clearly is illegal as well.