People often ask me if I have ever detected an attempt to plant a backdoor in #curl. But I have never. I usually say that exploiting a mistake, a security vulnerability, is a MUCH more likely attack scenario because trying to merge a backdoor is super difficult.
But that only goes for outsiders. An insider, a trusted maintainer since years back, of course has a much better opportunity to sneak in malicious code etc. Still not easy though.
Green Cookie
in reply to daniel:// stenberg://
If I was maintaining an app for free, yes in an instant.
If I was getting paid to maintain an app, yes in an instant.
Basically. Nothing is more important than family
Andreas Scherbaum
in reply to daniel:// stenberg://
@realsshrestha Yes, indeed. But a transparent and automated build process will raise questions the moment someone forces manual changes into the process (like adding extra files, or modifying code which does not come from the repository).
You are right that it still needs multiple sets of eyes.
Genders: ♾️, 🟪⬛🟩; Soni L.
in reply to daniel:// stenberg://
ideally, we would have a process where it wouldn't make a difference if we did.
getting there is hard tho.