If there was malicious code in a legitimate project hosted on #codeberg, would we remove access to it, including for security researchers?
Short: No!
We are considering how to prevent fetching malicious code by accident, though.
In any case, we are open to collaborating with security researchers. Interested? Help us build a malware hunting team: https://codeberg.org/Codeberg/Contributing/issues/44
Background: #GitHub locked access to the source code of xz, which was the background of an active investigation from the community.
@Codeberg keeping it online like the crimeflare repo?
@bonifartius @Codeberg That's not relevant in the context of malware, it was removed for other reasons as listed in https://blog.codeberg.org/on-the-cloudflare-tor-takedown.html
@bonifartius @Codeberg I wouldn't joke like that about the law considering why it was removed. For malware there's legitimate interest for a select group of people to have access to it and use it for research purposes. Which *going back to topic* is being asked here if that should be allowed or not and if so, how. If I understand you correctly, it shouldn't be possible to have any access to the malware just like with any other unlawful repositories on Codeberg.
@Gusted @Codeberg
the malware repository should of course be available. there is no "select group" with free software, no matter if it contains malware or not.
i'm just really not liking that codeberg now tries to do some quick advertising around this when they in other cases just delete repositories on a whim, without good reason, without process.
crimeflare was removed because of the threat of anti hate crime law alone. it was all proactive. a list of people _publicly supporting cloudflare_.
if supporting cloudflare is something so bad that appearing on a list is dangerous, they shouldn't do it. at least that's the logic when things like lists are targeting people on the wrong political side. _those_ lists are totally 👌 of course.
from what i see, these laws i shouldn't joke about _are_ the joke.
@Gusted @Codeberg
> If there was malicious code in a legitimate project hosted on #codeberg, would we remove access to it, including for security researchers?
>
> Short: No!
this 💯 reads like written by a sales person leveraging the moment.
which in theory would be fine by me. even if i'm no fan of advertising.
i want consistency. deleting repositories because of vague legal problems maybe happening in one case and now advertising "we wouldn't delete malware" isn't, as malware clearly is illegal as well.