People often ask me if I ever have detected an attempt to plant a backdoor in #curl. But I have never. I use to say that exploiting a mistake, a security vulnerability, is a MUCH more likely attack scenario because trying to merge a backdoor is super difficult.
But that only goes for outsiders. An insider, a trusted maintainer since years back, of course has a much better opportunity to sneak in malicious code etc. Still not easy though.
daniel:// stenberg:// /
npub10q…4j5x8
2024-03-29 22:29:33
Author Public Key
npub10ql4aps87kugc57xc63ng3z70ymkydgp8pqmcsxm03v7adaea99ss4j5x8Published at
2024-03-29 22:29:33Event JSON
{
"id": "ca6494c76a7a4a714dfc9f329e2258d05b91f909ec11a45fcef063ebf5eab093",
"pubkey": "783f5e8607f5b88c53c6c6a334445e79376235013841bc40db7c59eeb7b9e94b",
"created_at": 1711751373,
"kind": 1,
"tags": [
[
"t",
"curl"
],
[
"proxy",
"https://mastodon.social/users/bagder/statuses/112181338013797163",
"activitypub"
]
],
"content": "People often ask me if I ever have detected an attempt to plant a backdoor in #curl. But I have never. I use to say that exploiting a mistake, a security vulnerability, is a MUCH more likely attack scenario because trying to merge a backdoor is super difficult.\n\nBut that only goes for outsiders. An insider, a trusted maintainer since years back, of course has a much better opportunity to sneak in malicious code etc. Still not easy though.",
"sig": "29c9c4187befdf320f97185ad32e32b2363957381501093b64c213b34fd793eb59e71938b9d682c921948ae4bcf04d648f3f3bc2c5ffdd42f69b7c8bbb829656"
}