breadsmasherimagine if he said fuck it and turned sudo into a crypto mining malware
ScrolloneTo be honest, it wouldn’t take much for distro maintainers to detect that and stop it
JustEnoughDucksBut who is seriously looking at the sudo code at every update. I would bet a lot of money that the vast majority simply trust him and gloss over it maximum.
The chain of trust has to exist otherwise distrobox maintainers would spend 24 hours a day reviewing code changes and only update once every 6 months.
@JustEnoughDucks @Scrollone Well, the xz hack was discovered because ssh command was half a second slower for one guy, so presumably someone would notice very quickly