• @[email protected]
    17 months ago

    Update plugin com.android.test to v8.5.0 by @renovate in #1561

    Was it properly checked for backdoor injections?

    • @[email protected]
      67 months ago

      Is there a reason you’re suspicious about that particular dependency, or are you just asking about dependencies in general?

      • @[email protected]
        7 months ago

        I’m worried about that one specifically. Dependencies in general can be suspicious if they come from untrusted sources, but in that case it’s suspicious by being related to testing (like the xz thing was) that shouldn’t even be in a released app anyways.

    • DessalinesOPM
      7 months ago

      What’s the context there? We update dependencies very frequently.

        • DessalinesOPM
          67 months ago

          I have no idea what this means. Why is the android testing dependency less secure than all the other android deps we’ve updated?

    • @[email protected]
      37 months ago

      If you have a security concern you should raise this with Google using a minimal working example to demonstrate yourself.

      Do you have a genuine concern and can you provide a working example of the attack surface in a repository that you can share?