If there was malicious code in a legitimate project hosted on #codeberg, would we remove access to it, including for security researchers?

Short: No!

We are considering how to prevent fetching malicious code by accident, though.

In any case, we are open to collaborating with security researchers. Interested? Help us build a malware hunting team: codeberg.org/Codeberg/Contribu

Background: #GitHub locked access to the source code of xz, which was the background of an active investigation from the community.


@Gusted @Codeberg so hand-wavy guesstimates are enough reason for deleting repositories under the guise of "we have to because THE LAW!!1" while malware, something which is illegal to host as well, isn't?

😹

@bonifartius @Codeberg I wouldn't joke like that about the law considering why it was removed. For malware there's legitimate interest for a select group of people to have access to it and use it for research purposes. Which *going back to topic* is being asked here if that should be allowed or not and if so, how. If I understand you correctly, it shouldn't be possible to have any access to the malware just like with any other unlawful repositories on Codeberg.

@Gusted @Codeberg
the malware repository should of course be available. there is no "select group" with free software, no matter if it contains malware or not.

i'm just really not liking that codeberg now tries to do some quick advertising around this when they in other cases just delete repositories on a whim, without good reason, without process.

crimeflare was removed because of the threat of anti hate crime law alone. it was all proactively. a list of people _publicly supporting cloudflare_.

if supporting cloudflare is something so bad that appearing on a list is dangerous, they shouldn't do it. at least that's the logic when things like lists are targeting people on the wrong political side. _those_ lists are totally 👌 of course.

from what i see, these laws i shouldn't joke about _are_ the joke.

@bonifartius @Codeberg Okay thank you for the feedback on that matter. It's an interesting takeaway to see this as advertisement as we've done this to collect feedback for when this does hit Codeberg, we see that what GitHub did is not the best way forward, hence asking what people think about the best way to handle such cases.

I am not that close with the details of the crimeflare to add or respond to what you've said.

@Gusted @Codeberg
> If there was malicious code in a legitimate project hosted on #codeberg, would we remove access to it, including for security researchers?
>
> Short: No!

this 💯 reads like written by a sales person leveraging the moment.

which in theory would be fine by me. even if i'm no fan of advertising.

i want consistency. deleting repositories because of vague legal problems maybe happening in one case and now advertising "we wouldn't delete malware" isn't, as malware clearly is illegal as well.
