First example we at MELPA have seen of an #emacs package getting hacked (upstream of us, on GitHub): https://github.com/kubernetes-el/kubernetes-el/issues/383
This repository has been compromised · Issue #383 · kubernetes-el/kubernetes-el

@noorul 929c639 This repository has been compromised a few days ago. I just discovered this a few minutes ago. Apparently a GitHub action was used. I've removed the package from Melpa and blocke...

@sanityinc "dick long"
the future is so profoundly stupid ... 🙄
@deech I'm coming to appreciate that it (gestures vaguely all around) is so openly a joke
@sanityinc @deech Dev tools have been so lax on security and so trusting, I figured they were only left alone because they’re a small target. Scary to see Emacs malware in the wild though.
@shanecelis @deech yeah, if this is an easy-to-find toy attack, it doesn't seem impossible that a genuine one has already succeeded
@sanityinc @deech One solo security-conscious developer examines the last of the builtin Emacs packages: woman.el. “Ok, it’s safe to use. Ten months well spent.”

@deech @sanityinc Maybe new accounts that suddenly open PRs en masse, that reference a known malware repo, to repositories related only by having a vulnerable configuration, and leave behind a picture of one Mr. Richard Long, could be detected as a malicious signal by the company that enjoys a near monopoly on open source.

Hey, look, another Copilot button!