This might age horribly, but I never really understood the worry that a high-profile open source developer might ‘smuggle’ some dodgy code into a repo. Sure, it’s possible. Especially in large projects, but the risk/reward ratio is simply ridiculously bad and there are so many other/simpler ways out there a malicious actor could use to make a profit.
This might age horribly, but I never really understood the worry that a high-profile open source developer might ‘smuggle’ some dodgy code into a repo. Sure, it’s possible. Especially in large projects, but the risk/reward ratio is simply ridiculously bad and there are so many other/simpler ways out there a malicious actor could use to make a profit.