Very interesting, I didn’t realise that subresource integrity was entirely missing from the ESM spec. So what this would mean is that, with ESM, any code loaded from any CDN could contain a potential government backdoor. How is this not a bigger issue?
(I’m saying a government backdoor because it would most likely take a state-level actor to force a CDN company to do that but it could, of course, be a disgruntled employee or cracker.)
"The modern packager’s security nightmare"
Nvidia Linux drivers causing random hard crashes and now a major security risk still not fixed after five months
The Nvidia Linux drivers have never been good but whatever has been happening at Nvidia for the past decade has to stop today.
This bug causes hard irrecoverable crashes from driver 440+. This issue is still happening 5+ months later with no end in sight.