The reason being that there's no relevance to the kernel, and modular kernels also take this approach with replaceable plug-ins or extensions.
These compromised packages should have their page set to a read-only mode with downloads/installs disabled, with a big warning that they were compromised.
This is especially troublesome with Chrome Extensions and Android Apps, where it is not possible to get to know if I actually had the extension installed, and if I had, what it was exactly about.
Chrome Extensions getting automatically removed from the browser instead of permanently deactivated with a hint of why they can't be activated again, and which was the reason why the extension got disabled, is a problem for me. How do I know if I had a bad extension installed, if personal data has been leaked?
This also applies to PyPI to some degree.
----
Eventually the downloads should get replaced with a module which, when loaded, prints out a well-defined warning message and calls sys.exit() with a return code which is defined as a "vulnerability exception" which a build system can then handle.
Joking aside, it's really neat to see the scale and sophistication of error detection appearing in these data centers.
I think if revenue or product quality is tied to a VCS, having an active-active or active-passive setup is the way to go.
Fortunately, I'm on an on-prem product so that investment hasn't seemed worth it yet.
This doesn't mean we don't escrow our code, but rather than try to rebuild from source, I just take a short coffee break and wait for the impacted service to come back up :)
I wonder if they have a big feature underway or are just migrating more infrastructure to Azure?
EDIT: Either way, some postmortems would be appreciated before more customers have to look for a backup solution...
https://www.mastercard.us/en-us/vision/corp-responsibility/c...