Submitted via IRC for TheMightyBuzzard
Barely a week has passed since the last attempt to hide a backdoor in a code library, and we have a new case today. This time around, the backdoor was found in a Python module, and not an npm (JavaScript) package.
The module's name is SSH Decorator (ssh-decorate), a library for handling SSH connections from Python code, developed by Israeli developer Uri Goren.
(Score: 1, Insightful) by Anonymous Coward on Friday May 11 2018, @11:56PM (1 child)
There is no advantage to open-source code being available for anyone to review, if no one actually does.
(Score: 5, Insightful) by coolgopher on Saturday May 12 2018, @02:21AM
I disagree. There is still the advantage that the open-source code *can* be reviewed. Without going through six months of setting up agreements, NDAs, and other lawyering.