<p>If there was malicious code in a legitimate project hosted on <a href="https://social.anoxinon.de/tags/codeberg" class="mention hashtag" rel="tag">#<span>codeberg</span></a>, would we remove access to it, including for security researchers?</p><p>Short: No!</p><p>We are considering how to prevent fetching malicious code by accident, though.</p><p>In any case, we are open to collaborating with security researchers. Interested? Help us build a malware hunting team: <a href="https://codeberg.org/Codeberg/Contributing/issues/44" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">codeberg.org/Codeberg/Contribu</span><span class="invisible">ting/issues/44</span></a></p><p>Background: <a href="https://social.anoxinon.de/tags/GitHub" class="mention hashtag" rel="tag">#<span>GitHub</span></a> locked access to source code of xz, which was background of active investigation from the community.</p>