|
|
|
|
|
|
by neallindsay
430 days ago
|
|
|
That's a good point. Setting up a benign release first that you have engineered a same-hash malicious release you can swap in later is a higher bar than gaining control of a repo and immediately replacing a popular release. |
|
|