Comment by chasil
9 months ago
However, do you consider yourselves as able to resist a nation-state level adversary with resources dedicated to compromising you?
I think of two things, the Solar Winds build corruption, and putty's mishandling of e521 keys.
What is your vulnerability to a similar disaster, exploited or not?
Funny how your mayer example is actually proprietary closed-source software. So being an open source project carried by a large community doesn't seem to be an actual drawback -- if at all, a Solarwinds-like attack is far more improbably to succeed in a popular and well run open source project than in the darkness of closed source.