Sorry for the geek post…

  • m-p{3}A
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    1
    ·
    1 year ago

    I think it’s even more important with contributors of large projects and libraries used by a vast amount of software out there.

    It’s not inconceivable that someone’s account gets hijacked, and someone uses their trusted account to add a small snippet of malicious code in a commit, enabling a supply-chain attack.