<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Georgia;
panose-1:2 4 5 2 5 4 5 2 3 3;}
@font-face
{font-family:Garamond;
panose-1:2 11 6 4 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">The long con would be to get a semi-trusted agent as a committer. Someone that could appear to be a student or a bland mid-level employee but is just playing that part. Being open source, it would be a simple matter to anonymously clone
it and study it for a while, advising their agent on what apparently benign mistakes to make. (If the employee gets laid off for some mistakes, that makes it all the more plausible, and their agent is free and clear.) Then the sponsoring organization waits
for that code to spread into other organizations. With their bugs in place, they have a period of exploitation before the bugs are identified. All it takes for that is money and/or extortion.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">From: </span></b><span style="font-size:12.0pt;color:black">Friam &lt;friam-bounces@redfish.com&gt; on behalf of Roger Critchlow &lt;rec@elf.org&gt;<br>
<b>Reply-To: </b>The Friday Morning Applied Complexity Coffee Group &lt;friam@redfish.com&gt;<br>
<b>Date: </b>Thursday, May 7, 2020 at 2:55 PM<br>
<b>To: </b>The Friday Morning Applied Complexity Coffee Group &lt;friam@redfish.com&gt;<br>
<b>Subject: </b>Re: [FRIAM] (no subject)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal">Right, <a href="https://www.git-scm.com/docs/git-blame">https://www.git-scm.com/docs/git-blame</a> - <span style="font-size:10.5pt;font-family:'Georgia',serif;color:#4E443C;background:#FCFCFA">Show what revision and author last modified
each line of a file</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">-- rec --<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Thu, May 7, 2020 at 5:19 PM Jon Zingale &lt;<a href="mailto:jonzingale@gmail.com">jonzingale@gmail.com</a>&gt; wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:'Garamond',serif;color:#333333">Roger,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:'Garamond',serif;color:#333333"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:'Garamond',serif;color:#333333">You say, "</span><span style="font-size:12.0pt;font-family:'Arial',sans-serif;color:#222222">It's already happened more than once. People, acting as if they cared
about the code, have taken over existing projects when the current developer loses interest. Then they modify the code so it does something evil in addition to its original purpose, say stealing bitcoin wallet credentials. Others have submitted packages which
were one-letter typos for trusted packages, with the same sort of surprises hidden in them."</span><span style="font-size:12.0pt;font-family:'Garamond',serif;color:#333333"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:'Garamond',serif;color:#333333"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:'Arial',sans-serif;color:#222222">Isn't this exactly why there is a git history? Version control exists, to some extent,</span><span style="font-size:12.0pt;font-family:'Garamond',serif;color:#333333"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt">exactly so we can say who has done what and to what effect.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:'Arial',sans-serif;color:#222222">Jonathan Zingale</span><span style="font-size:12.0pt;font-family:'Garamond',serif;color:#333333"><o:p></o:p></span></p>
</div>
</div>
</blockquote>
</div>
</div>
</body>
</html>