Building software with lots of open-source libraries is effectively giving shell access to the authors of those libraries. They can stick whatever they like in those build scripts, and there are so many thousands of them I bet you don't check all of them by hand.
Given that, I'd prefer they had shell access as a low privilege user than be able to read my ssh keys from RAM...
Obviously if you compile software as your regular Linux user account like most users, you're already a sitting duck, so might as well throw in a few more vulnerabilities.
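One way to at least enumerate which dependencies get that shell access at install time, as an added example that is not the comment author's code: it assumes an npm-style `node_modules` layout, where a package's `preinstall`/`install`/`postinstall`/`prepare` scripts run as the installing user, and it builds a constructed sample tree to scan.

```python
import json
import tempfile
from pathlib import Path

# npm lifecycle hooks that execute shell commands on the installing
# user's machine during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def find_install_hooks(root):
    """Walk a node_modules tree and return {relative_pkg_dir: {hook: cmd}}
    for every package that declares an install-time script."""
    root = Path(root)
    found = {}
    for manifest in root.rglob("package.json"):
        try:
            pkg = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it, don't trust it
        scripts = pkg.get("scripts") or {}
        hooks = {h: scripts[h] for h in INSTALL_HOOKS if h in scripts}
        if hooks:
            # key by path, so the same name nested at two depths is not merged
            found[str(manifest.parent.relative_to(root))] = hooks
    return found


def build_sample_tree():
    """Constructed sample dependency tree; the package names are made up."""
    root = Path(tempfile.mkdtemp()) / "node_modules"
    samples = {
        "plain-lib": {"name": "plain-lib", "version": "1.0.0"},
        "native-thing": {"name": "native-thing",
                         "scripts": {"install": "node-gyp rebuild"}},
        "curious-dep": {"name": "curious-dep",
                        "scripts": {"postinstall": "sh ./setup.sh", "test": "jest"}},
    }
    for dirname, manifest in samples.items():
        pkg_dir = root / dirname
        pkg_dir.mkdir(parents=True)
        (pkg_dir / "package.json").write_text(json.dumps(manifest))
    return root


if __name__ == "__main__":
    for pkg_dir, hooks in sorted(find_install_hooks(build_sample_tree()).items()):
        for hook, cmd in hooks.items():
            print(f"{pkg_dir}: {hook} -> {cmd}")
```

Only install-time hooks are reported; the `test` script of `curious-dep` is ignored because it does not run during installation.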