Comment by whatshisface
1 day ago
As always, hundreds watch the open repositories, maybe one watches a company's build servers, if they're lucky. :-)
Hundreds watch, but how closely?
Plenty of stories of fairly major projects having evil commits snuck in that remain for months.
Name a few.
https://en.wikipedia.org/wiki/XZ_Utils_backdoor
https://medium.com/@aleksamajkic/fake-sms-how-deep-does-the-...
https://blog.linuxmint.com/?p=2994
https://www.bleepingcomputer.com/news/linux/malicious-packag...
https://www.cnx-software.com/2021/04/22/phd-students-willful...
I could go on but I trust this is a sufficient number of examples.