by supposemaybe 804 days ago
No, what doesn’t make sense is you.

The guy made it obvious he was struggling. He needed somebody to take it over and someone came to his ‘rescue’… and he trusted every single change they brought.

Why am I saying that you don’t make sense? …because you haven’t even suggested a single resolution. You attack me even though I’m saying it how it is.

Now how about making use of your reply and suggesting something more useful? Because the status quo is actually what led to this, people just ignoring the issue and leaving the guy to his devices when his heart clearly isn’t in it.

Can I remind everyone that the entire world was nearly hacked?

1 comments

You're very confident that this could have been avoided so can you point out EXACTLY what he should have done differently?

As far as I can tell, the only way to detect the manipulated release would have been to compare the release tarballs with one built independently to detect the extra build script that had been inserted that injected the backdoor.

Of course, anybody in the world could have done this, including you, and yet... Neither you, nor anybody else, did. The reality here is that the entire supply chain is at fault - source code should be built from the public repo, not from a tarball.

Many very experienced people, and public companies, allowed this to happen. It's not fair to pick on one person.
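
The comparison described in the reply above, sketched as an added example that is not part of the thread or of any project's tooling: it hashes every file in a release tarball and in an archive built from the public repo, then lists files that exist only in the release or whose content differs. The archive names, file names and contents are constructed sample data.

```python
import hashlib
import io
import tarfile


def digest_members(tar_bytes):
    """Map each regular file's path (top-level directory stripped) to its SHA-256."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for member in tar:
            if not member.isfile():
                continue
            # Release and repo archives usually differ in their top-level dir name.
            _, _, rel = member.name.partition("/")
            data = tar.extractfile(member).read()
            digests[rel or member.name] = hashlib.sha256(data).hexdigest()
    return digests


def compare_release(release_bytes, repo_bytes):
    """Return (files only in the release, files whose content differs)."""
    release, repo = digest_members(release_bytes), digest_members(repo_bytes)
    extra = sorted(set(release) - set(repo))
    changed = sorted(p for p in release.keys() & repo.keys() if release[p] != repo[p])
    return extra, changed


def make_tar(top, files):
    """Build a constructed in-memory .tar.gz for the demonstration."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(f"{top}/{path}")
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed sample data: the "release" carries one extra build script and
# one modified file compared with the archive of the public repo.
REPO = make_tar("proj-repo", {"src/main.c": b"int main(void){return 0;}\n",
                              "Makefile.am": b"bin_PROGRAMS = proj\n"})
RELEASE = make_tar("proj-1.0", {"src/main.c": b"int main(void){return 0;}\n",
                                "Makefile.am": b"bin_PROGRAMS = proj\n#changed\n",
                                "m4/extra-step.m4": b"# not in the repo\n"})

if __name__ == "__main__":
    extra, changed = compare_release(RELEASE, REPO)
    print("only in release:", extra)
    print("differs from repo:", changed)
```

Release tarballs made with autotools-style tooling legitimately ship generated files that are absent from the repo, so the "only in release" list is a review queue rather than proof of tampering.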