Frühere Suchanfragen
Suchoptionen
Verwaltet von:
Anoxinon e.V. 
If there was malicious code in a legitimate project hosted on #codeberg, would we remove access to it, including for security researchers?
Short: No!
We are considering how to prevent fetching malicious code by accident, though.
In any case, we are open to collaborating with security researchers. Interested? Help us build a malware hunting team: https://codeberg.org/Codeberg/Contributing/issues/44
Background: #GitHub locked access to source code of xz, which was background of active investigation from the community.
To people looking for an archive of the XZ code, you might want to check out https://tukaani.org/xz-backdoor/ which links to https://git.tukaani.org/. GitHub is not the only source of truth, although meta information about the Pull Requests is locked in to this silo.
@Codeberg Many thanks for your work on openess. It's another proof that git history is not sufficient and we cannot tolerate a locked silo like Github. PR, issues, comments and everything else are an essential part of the repository, the code is not enough.
@Codeberg One idea I have for preventing accidental fetches of malicious code would be to prevent access through the primary domain, and require the use of a seperate (sub)domain such as [caution.codeberg.org](caution.codeberg.org), or [codeberg-caution.org](codeberg-caution.org). Weither this is done throgh a seperate instance it is cloned to, or via special handeling in the forejo would be up to debate.