Sorry for the geek post…

  • m-p{3}@lemmy.ca
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I think it’s even more important with contributors of large projects and libraries used by a vast amount of software out there.

    It’s not inconceivable that someone’s account gets hijacked, and someone uses their trusted account to add a small snippet of malicious code in a commit, enabling a supply-chain attack.