Y
Hacker News
new
|
ask
|
show
|
jobs
by
Hamuko
778 days ago
Didn't the xz situation kinda prove that even reading the script is probably not gonna do you a lot of good if you're up against someone smart?
3 comments
xandrius
778 days ago
Exactly, also if you already go thinking in adversarial terms when using something, why would you even use the thing to begin with?
Maybe I'm too naïve.
link
samtheprogram
778 days ago
> given the xz situation a well crafted shell script can seem harmless while being very dangerous
That’s exactly what they are saying.
link
wizzwizz4
778 days ago
The xz situation proved the opposite: if you're up against someone smart, you won't read the script (and you'll
think
you have).
link
ta1243
778 days ago
The xz situation proved that while you didn't read the script, someone did detect the problem. It shows the benefit of many-eyes.
link
Maybe I'm too naïve.