[FRIAM] (no subject)

Marcus Daniels marcus at snoutfarm.com
Thu May 7 18:08:41 EDT 2020


The long con would be to get a semi-trusted agent as a committer. Someone that could appear to be a student or a bland mid-level employee but is just playing that part. Being open source, it would be a simple matter to anonymously clone it and study it for a while, advising their agent on what apparently benign mistakes to make. (If the employee gets laid off for some mistakes that makes it all the more plausible and their agent is free and clear.) Then the sponsoring organization waits for that code to spread into other organizations. With their bugs in place, they have a period of exploitation before the bugs are identified. All it takes for that is money and/or extortion.

From: Friam <friam-bounces at redfish.com> on behalf of Roger Critchlow <rec at elf.org>
Reply-To: The Friday Morning Applied Complexity Coffee Group <friam at redfish.com>
Date: Thursday, May 7, 2020 at 2:55 PM
To: The Friday Morning Applied Complexity Coffee Group <friam at redfish.com>
Subject: Re: [FRIAM] (no subject)

Right, https://www.git-scm.com/docs/git-blame - Show what revision and author last modified each line of a file

-- rec --

On Thu, May 7, 2020 at 5:19 PM Jon Zingale <jonzingale at gmail.com> wrote:
Roger,

You say, "It's already happened more than once. People, acting as if they cared about the code, have taken over existing projects when the current developer loses interest. Then they modify the code so it does something evil in addition to its original purpose, say stealing bitcoin wallet credentials. Others have submitted packages which were one letter typos for trusted packages, with the same sort of surprises hidden in them."

Isn't this exactly why there is a git history? Version control exists, to some extent,
exactly so we can say who has done what and to what effect.

Jonathan Zingale
.-. .- -. -.. --- -- -..-. -.. --- - ... -..-. .- -. -.. -..-. -.. .- ... .... . ...
FRIAM Applied Complexity Group listserv
Zoom Fridays 9:30a-12p Mtn GMT-6  bit.ly/virtualfriam
unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
archives: http://friam.471366.n2.nabble.com/
FRIAM-COMIC http://friam-comic.blogspot.com/
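A parser for the `git blame --porcelain` output behind the command Roger points to, added here as an example that is not part of the thread or of git itself; the blame text is a constructed sample with made-up authors, commit ids and a fictitious `loader.py`. It shows what blame hands you per line (line number, commit, author, summary, content), with the author fields carried over exactly as the commit recorded them.

```python
import re
# Constructed, abbreviated `git blame --porcelain` output: two commits, four lines.
# Git emits commit metadata once; later lines of that commit carry only the header.
SAMPLE = """\
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 1 1 2
author Alice Example
author-mail <alice@example.com>
summary add config loader
filename loader.py
\tdef load_config(path):
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 2 2
\t    text = open(path).read()
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 3 3 1
author Bob Example
author-mail <bob@example.com>
summary tidy parsing
filename loader.py
\t    parsed = parse(text, strict=False)
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 3 4 1
\t    return parsed
"""
# Group header: <40-hex sha> <line in that commit> <line in final file> [<group size>]
HEADER = re.compile(r"^([0-9a-f]{40}) (\d+) (\d+)(?: (\d+))?$")

def parse_porcelain(text):  # one dict per line: number, commit, author, content
    commits, lines = {}, []          # metadata cached per sha, since git emits it once
    it = iter(text.splitlines())
    for raw in it:
        m = HEADER.match(raw)
        if not m:
            raise ValueError(f"expected a blame header, got {raw!r}")
        sha, final_line = m.group(1), int(m.group(3))
        meta = commits.setdefault(sha, {})
        for entry in it:             # key/value lines until the TAB content line
            if entry.startswith("\t"):
                content = entry[1:]
                break
            key, _, value = entry.partition(" ")
            meta[key] = value        # author fields are taken exactly as git recorded them
        else:
            raise ValueError("truncated blame output")
        lines.append({"line": final_line, "sha": sha, "content": content,
                      **{k: meta.get(k) for k in ("author", "author-mail", "summary")}})
    return lines

def lines_by_author(blamed):  # author-mail -> final line numbers it last modified
    out = {}
    for entry in blamed:
        out.setdefault(entry["author-mail"], []).append(entry["line"])
    return out
```

Blame names the identity a commit carried, not a verified person; checking the signature on the attributing commit (`git verify-commit <sha>`) is the step that ties a line to a key rather than a name.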