[tstrimple]

You could probably hide it pretty effectively during a normal pull request to fix an existing issue. As long as they aren't greping for the string anyhow. If he's going to use tools to to search a PR for the string, you'd have to obfuscate it. There are plenty of string and / or byte array manipulation techniques to sufficiently hide something like this as long as it's masked by an otherwise real PR.

[ultramancool]

You'd have to rely on a ball of jumbled crap somewhere in the PR though - maybe if they don't wrap lines or something you could slip it in?

[Natanael_L]

I'd be XORing against some existing strings in the code of the same length to obfuscate the content, with some hidden method to invoke the reverse XOR to regenerate this challenge text string.

[ultramancool]

Sure, hiding it as a basic string is easy. But hiding it in a way that a simple code review won't catch is probably a lot harder.

[Natanael_L]

I think some array manipulation could do it if you're clever enough and don't make it obvious where all of the inputs comes from. So you'd make some particular parameters regenerate the string, and it wouldn't obviously stand out from the normal behavior.

[Magnets]

That sounds very difficult to hide

[Magnets]

The guy is responsible for a small number of low-activity projects, he's going to go over any new pull requests with a fine tooth comb