by rll
5564 days ago
Ah, but we actually do. Especially when a commit comes from someone new or someone who doesn't normally commit to that part of the code. In order to sneak a malicious commit through, you would need to hijack the account of a user that normally commits to the part of the code you want to modify. On top of that, you probably want to find someone who has recently become less active since otherwise they would see a commit with their name on it and catch it right away. And finally, you would need to make it non-obvious so someone wouldn't be able to tell anything was amiss with a casual glance. It would be an interesting experiment.

If it was as easy as you seem to think, we probably wouldn't introduce such bugs by accident in the first place.
It can be as innocuous-looking as using strncpy instead of strlcpy.
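
For reviewers, the strncpy/strlcpy difference mentioned in the comment above comes down to NUL termination. The following is an added example, not part of the original thread or of any project's code; `bounded_copy`, `NAME_SIZE` and the input strings are constructed for illustration, and `bounded_copy` is a local stand-in with strlcpy semantics because strlcpy is not present in every libc.

```c
#include <stdio.h>
#include <string.h>

#define NAME_SIZE 8   /* hypothetical fixed-size field */

/* Hypothetical helper with strlcpy semantics. */
static size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';            /* always terminates */
    }
    return len;                   /* len >= size signals truncation */
}

/* 1 if a NUL terminator exists inside the buffer, 0 otherwise. */
static int terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* strncpy leaves the field unterminated when strlen(src) >= size. */
int strncpy_terminates(const char *src)
{
    char name[NAME_SIZE];
    memset(name, 'X', sizeof name);   /* sentinel fill keeps the check deterministic */
    strncpy(name, src, sizeof name);
    return terminated(name, sizeof name);
}

/* Same copy with strlcpy semantics; also reports truncation. */
int bounded_terminates(const char *src, int *truncated)
{
    char name[NAME_SIZE];
    memset(name, 'X', sizeof name);
    *truncated = bounded_copy(name, src, sizeof name) >= sizeof name;
    return terminated(name, sizeof name);
}

int main(void)
{
    const char *input = "maintainer";   /* constructed input, 10 characters */
    int trunc;
    printf("strncpy terminated: %d\n", strncpy_terminates(input));
    printf("bounded terminated: %d", bounded_terminates(input, &trunc));
    printf(" (truncated: %d)\n", trunc);
    return 0;
}
```

In review, a `strncpy` whose bound equals the destination size, with no explicit terminator written afterwards, is the pattern to look for.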