惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threat Research - Cisco Blogs
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
V
Vulnerabilities – Threatpost
GbyAI
GbyAI
P
Proofpoint News Feed
L
LINUX DO - 热门话题
P
Palo Alto Networks Blog
A
About on SuperTechFans
T
Tenable Blog
M
MIT News - Artificial intelligence
IT之家
IT之家
I
Intezer
D
DataBreaches.Net
爱范儿
爱范儿
T
Threatpost
C
CERT Recently Published Vulnerability Notes
云风的 BLOG
云风的 BLOG
博客园 - 三生石上(FineUI控件)
WordPress大学
WordPress大学
K
Kaspersky official blog
大猫的无限游戏
大猫的无限游戏
A
Arctic Wolf
Y
Y Combinator Blog
Cyberwarzone
Cyberwarzone
酷 壳 – CoolShell
酷 壳 – CoolShell
D
Darknet – Hacking Tools, Hacker News & Cyber Security
H
Help Net Security
Microsoft Security Blog
Microsoft Security Blog
Spread Privacy
Spread Privacy
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
AWS News Blog
AWS News Blog
博客园 - 聂微东
C
Check Point Blog
S
Securelist
有赞技术团队
有赞技术团队
雷峰网
雷峰网
aimingoo的专栏
aimingoo的专栏
Last Week in AI
Last Week in AI
Stack Overflow Blog
Stack Overflow Blog
MongoDB | Blog
MongoDB | Blog
D
Docker
G
GRAHAM CLULEY
T
The Exploit Database - CXSecurity.com
C
Cybersecurity and Infrastructure Security Agency CISA
T
Tailwind CSS Blog
L
Lohrmann on Cybersecurity
G
Google Developers Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
L
LangChain Blog

LWN.net comments

tcmalloc's weird hack [LWN.net] Fixed? [LWN.net] mpd [LWN.net] Userspace AX.25 [LWN.net] RIP [LWN.net] My two cents... [LWN.net] pipx [LWN.net] Tragedy [LWN.net] A young man destined for glory [LWN.net] And 'less' won't let you search [LWN.net] A great loss [LWN.net] Sad and shocking news [LWN.net] Easy migration from Clementine [LWN.net] Sad coincidence [LWN.net] GNOME is actually usable thanks to Seth et al [LWN.net] Sad news :( [LWN.net] armhf supports preempt_rt [LWN.net] MusicBrainz accurracy [LWN.net] On open source maintainership [LWN.net] Let's stop here [LWN.net] Not a new thing [LWN.net] uv is indeed great pgmoneta Some comments on this on a Postgres blog feed [LWN.net] uv [LWN.net] going to Debian [LWN.net] Upgrading 64-bit-capable systems to 64-bit kernels? [LWN.net] Free Software foundations Maintainers can wait for code review but not for publish review? A reasonably extreme point of view [LWN.net] Maintaining old code Varieties of filesystems and schedulers, so why not for IPC mechanisms too? [LWN.net] AI and documentation [LWN.net] Delegating the work to a subsidiary [LWN.net] Maybe they should provide their reviews to the world [LWN.net] Something can be a bug but not a vulnerability [LWN.net] History is a little backwards ... [LWN.net] A reasonably extreme point of view [LWN.net] Let’s stop here [LWN.net] authd [LWN.net] Suggestion for bug report [LWN.net] Software pain points for long-term equipment [LWN.net] Wrong direction [LWN.net] mjg59 has lost the plot there [LWN.net] Role of German law in this? [LWN.net] Without beer? [LWN.net] Feels soul destroying [LWN.net] No zswap in Debian cloud kernel [LWN.net] No Beer?!? [LWN.net] The other fam [LWN.net] Thank you Andrew [LWN.net] Brave! [LWN.net] I second the cost factor [LWN.net] cassandra [LWN.net] Proprietary tools [LWN.net] familiar [LWN.net] ... is also staging. [LWN.net] Python package managers [LWN.net] Pour one out for AX.25... [LWN.net] tun/tap? [LWN.net] Another article at gnulinux.ch [LWN.net] Transitive checks [LWN.net] Just execute from stdin [LWN.net] Cross-compile Vacation [LWN.net] Concrete steps toward RFC 3550 (new Range types) You can rip with Windows apps too! Have the tempfile issues raised in the release notes been fixed? onlyoffice tried to add stuff in the fine print, and failed Work w/o publication is not science Removing art like offensive fortunes is a mistake. [LWN.net] De-googling (was Wtf) [LWN.net] I liked pdfmark [LWN.net] Juice then tag [LWN.net] why did PREEMPT_LAZY caused more preemptions than PREEMPT_NONE with THP disabled? [LWN.net] x86-64 was first introduced in 2003 [LWN.net] no memory safety? [LWN.net] False positive identification rate [LWN.net] "Defensive" AI use [LWN.net] LTS release? [LWN.net] ironic (ugly, good) [LWN.net] Moving away from LLVM [LWN.net] ironic (ugly, good) [LWN.net] Abandoning vim(1) ASAP [LWN.net] "Picard" naming [LWN.net] circular reasoning is a potential source of unsoundness [LWN.net] Nice to see an update [LWN.net] Writable THPs [LWN.net] Whole network messages [LWN.net] I'll fix my code ... [LWN.net] Can also recommend beets [LWN.net] Jack the CD ripper [LWN.net] How about the bad CDs? [LWN.net] systemd-boot [LWN.net] Significant raise of reports [LWN.net] IMO, it's appropriate [LWN.net] How about the bad CDs? [LWN.net] Update to include Part 4? [LWN.net] Pandoc also is invauable for a cheap-and-dirty retrieval augmented generation. [LWN.net] Whole network messages [LWN.net]
A better summary. [LWN.net]
LtWorf · 2026-06-13 · via LWN.net comments

A better summary.

Posted Jun 12, 2026 16:01 UTC (Fri) by LtWorf (subscriber, #124958)
In reply to: A better summary. by anselm
Parent article: Eliminating long-lived credentials with trusted publishing

I think it's extremely funny that instead of forcing people to use 2FA to do uploads, they forced 2FA to login, and then you create a long lived all-powerful token and forget about 2FA.

I was doing uploads by typing in my password (not stored in any password manager), and now the only way I can do uploads (without moving my projects on a corporate-owned forge) is via a token which sits on my disk, ready to be stolen.

Google gave me an hardware token for free, but it only works for web login.

All of this effort and I'm now less secure than I was a few years ago. Which makes me strongly suspect that ballombe's take is the right one. USA is adding constraints to foreign companies forcing them to avoid any chinese software to be able to sell anything in USA…

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。