by yorwba
364 days ago
> the snapshot file refers to some commit hashes that do not appear to point to any surviving public repo

That sounds a bit worrying from a "reflections on trusting trust" perspective. Who's to say that those non-public commits didn't introduce a compiler backdoor? But I guess the more likely explanation is that somebody did some last-minute hotfixes that were later reworked before inclusion in the permanent record.