I have been reading about this since the news broke and still can’t fully wrap my head around how it works. What an impressive level of sophistication.

And due to open source, it was still caught within a month. Nothing could ever convince me more than that how secure FOSS can be.

Idk if that’s the right takeaway, more like ‘oh shit there’s probably many of these long con contributors out there, and we just happened to catch this one because it was a little sloppy due to the 0.5s thing’

This shit got merged. Binary blobs and hex digit replacements. Into low level code that many things use. Just imagine how often there’s no oversight at all

Yes, and the moment this broke other project maintainers are working on finding exploits now. They read the same news we do and have those same concerns.