kubernetes on Nostr: Yeah just look at the xz lib supply chain attack that happened recently. Something ...
Yeah just look at the xz lib supply chain attack that happened recently.
Something like that probably happens all the time with nation-state actors inserting subtle vulnerabilities into open source software.
Go to any major lib GitHub and look at how many PRs get merged with superficial or even seemingly no review.
Published at 2024-03-30 12:28:12
Event JSON
{
"id": "b07624c7a5f90be60cb29c9516d09288765f0f1c250cc8f1ac8f90478da99374",
"pubkey": "339e87a4ad5b32a7fa88c6a56a65a53bcfbea8595a86b5d87201a39b0408c29c",
"created_at": 1711801692,
"kind": 1,
"tags": [
[
"e",
"0da5957f613ceb2c191195f74c106bf66a2c89987effe68696d4c3ea481cf817",
"",
"root"
],
[
"e",
"027a1af90922bda2ee46620c2139fc3bfb9e51ccf0f6023971afb979e5146821"
],
[
"e",
"143fc25c559d15b99fe309e1d3a26aff9ee4aa8538e4c61db75a65e7708a9d6a",
"",
"reply"
],
[
"p",
"f444067fd7ccd9411312edcbcaa8276e3528e98be0d21d28b7227738c7d12c69"
],
[
"p",
"e88a691e98d9987c964521dff60025f60700378a4879180dcbbb4a5027850411"
]
],
"content": "Yeah just look at the xz lib supply chain attack that happened recently.\n\nSomething like that probably happens all the time with nation-state actors inserting subtle vulnerabilities into open source software.\n\nGo to any major lib GitHub and look at how many PRs get merged with superficial or even seemingly no review.",
"sig": "2b5b48f54a76d2524e66b7293faccaee99ec23f6a92bfcc18aec46b14c88edebbcdf9543ea2d79158806b934480628352e29362bf44cc423f15d49cbc346d687"
}