Y
Hacker News
new
|
ask
|
show
|
jobs
by
Yokohiii
43 days ago
From what I understand they've wrote the poisoned payload directly to the file system where they've expected another package exists. You only need to know what hash is going to be created.
1 comments
KajMagnus
42 days ago
How do you know the hash in advance?
link