by noir_lord 2640 days ago
On the other hand, a reliable backdoor that also looks like sloppy code is better; as most of us are familiar with truly awful code, it’s a nice layer of plausible deniability.

As the full saying goes.

Never attribute to malice what can be explained by stupidity...but don’t rule out malice.


By that logic we should be calling all vulnerabilities "backdoors" just in case.
Perhaps you should because the end result is the same, shit code sinks ships. Somebody could have written it intentionally or somebody could have been a dumbshit. Doesn't matter to me because now my computer is compromised.
I mean, the term 'backdoor' has a connotation of intentionality. Unless you write perfect code 100% of the time, you probably rely on the difference.
Freetype buffer overflow leads to privilege escalation.

All code is security code.

Definitely don't disagree, but are the freetype developers being malicious when they leave in a bug?
>All code is security code.

Debian disagrees. They are wrong to do so.