Comment by xg15 a day ago

Depends on the level of infiltration I guess. If the attacker managed to get themselves into a trusted position, as with the XZ backdoor, they could use the official communication channels of the project and possibly even file a CVE.

If it's "only" technical access, it would probably be harder.

andix a day ago

If they file a CVE, they will draw a lot of attention from experts to the project. Even from people who never heard of this package before.