
Comment by microtonal

9 hours ago

I can understand it's hard to defend against plausibly deniable errors that create backdoors, etc. But this would show a complete lack of code review, no?

Code review just means you need an accomplice. It makes it harder, not impossible.

  • Not even that. Bury it in a sufficiently-large PR and there’s a very good chance it’ll be rubber-stamped because no one wants to take the time to carefully review the entire set of changes.

> But this would show a complete lack of code review, no?

You'd be surprised how many websites use Google Tag Manager to allow their marketing department to roll out trackers and other JS snippets directly into the site's root context.

GTM et al.'s sole reason for existing is to provide marketing people with a way to bypass corporate IT.

And I definitely would not rule out something like this being the cause in the end.