Hacker News
by superzamp 310 days ago
I think it's even realistic to say that dotfiles are vulnerable to being used as a fingerprint mechanism by nefarious packages. One could easily create an inventory of GitHub profiles <> dotfiles; then read local dotfiles when their package gets installed on a developer laptop.
1 comments

Such a nefarious package could also read browser cookies, SSH keys, emails, photos, and a million other things.