undefined | Better HN

0 pointsrisotto16y ago0 comments

Oh, great call. The possibility of an unauthorized person injecting code could be disastrous.

Presumably, if you're security conscious, someone reviews all patches before they make it anywhere near shipping. But obviously that is not foolproof.

But then, what would happen if, say, someone went through the backdoor on github and patched a binary and modified the commit log to cover his tracks.

Hopefully git would fail loudly when you pull?

0 comments

turbinemonkey16y ago

I have to think so -- you can patch binaries and modify commit logs all you want, but patches are still being applied in sequence, locally, when you pull. If the hashes don't match, boom.

But then, can those hashes be swapped out? We need hashes on the hashes! :-P

j / k navigate · click thread line to collapse