• @whereisk@lemmy.world
    138 months ago

    Ideally you need a double-blind checking mechanism definitionally impervious to social engineering.

    That may be possible in larger projects, but I doubt you can do much where you have very few maintainers.

    I bet the lesson here for future attackers is: do not affect start-up time.

    • @underisk@lemmy.ml
      98 months ago

      I imagine if this attacker wasn’t in a rush to get the backdoor into the upcoming Debian and Fedora stable releases he would have been able to notice and correct the increased CPU usage tell and remain undetected.