
Inserting a change like this as a one-off would cause lots of scrutiny, which would probably get it detected. Instead, the bad actor spent years contributing to the project before dropping this.

So, while writing the exploit might be a couple of hours' work, actually pulling it off is quite a bit more difficult.



Plenty of open source maintainers spend only a few hours a month on their projects.

For many projects, that is enough to become the main contributor.



