The mission to stop the next global backdoor before it starts
8 hours ago
- #Linux
- #Open Source
- #Cybersecurity
- A backdoor was discovered in XZ Utils in 2024, potentially giving hackers control over millions of Linux systems.
- The backdoor was inserted by Jia Tan, who gradually took over the project from its original maintainer, Lasse Collin.
- Andres Freund, a Microsoft engineer, spotted the backdoor after noticing unusual delays in SSH connections.
- Commonhaus Foundation, co-founded by Erin Schnabel, aims to support open-source maintainers, especially solo ones, with governance and financial assistance.
- Commonhaus uses an adapted version of Martha’s Rules for efficient, collaborative decision-making.
- The foundation focuses on reducing burnout by encouraging succession planning, transparency, and minimal governance.
- Commonhaus has grown, now supporting projects like Debezium, Hibernate, and Quarkus.
- The foundation provides legal and financial scaffolding but relies heavily on IBM/Red Hat for funding.
- Commonhaus aims to attract non-Java projects and improve financial support for maintainers.
- The foundation’s light-touch approach appeals to seasoned maintainers but may not suit early-stage projects.