Submitted via IRC for TheMightyBuzzard
Barely a week has passed from the last attempt to hide a backdoor in a code library, and we have a new case today. This time around, the backdoor was found in a Python module, and not an npm (JavaScript) package.
The module's name is SSH Decorator (ssh-decorate), developed by Israeli developer Uri Goren, a library for handling SSH connections from Python code.
(Score: 0) by Anonymous Coward on Saturday May 12 2018, @04:55PM
Yeah, because that can't be faked? Only way to have real stuff there is to SIGN YOUR COMMITS! (or even release tags).