115
OpenSSL goes GitHub only
(openssl.org)
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Community icon from opensource.org, but we are not affiliated with them.
How is it "safer" when contributing to the codebase or filing and discussing issues will now require creating an account and giving up personal information to one of the most privacy-invasive tech companies in the world? 😳
Agreed!
You are mistaking contributing and distributing.
Edit to clarify: The blog is strictly speaking about the means of distributing the release tarball. Distributing the release tarball has nothing to do with how contribution is accepted or how issue is handled. What they say on the blog is also very clear IMHO and for a good reason. Maintaining infrastructure takes work. Works that if you didn't do it right can be an attack vector. Do you guys remember xz? Do you read how the vulnerabilities came to be? Maintaining a single source of truth for the release tarball can help mitigate that. If one malicious actor can control even one of the distribution channels of the release tarball we get xz 2 electric boogaloo.
This announcement is just downloads which will continue to be available anonymously.