• @whereisk
    128 months ago

    Ideally you need a double-blind checking mechanism definitionally impervious to social engineering.

    That may be possible in larger projects, but I doubt you can do much where you have very few maintainers.

    I bet the lesson here for future attackers is: do not affect start-up time.

    • @[email protected]
      88 months ago

      I imagine if this attacker wasn’t in a rush to get the backdoor into the upcoming Debian and Fedora stable releases he would have been able to notice and correct the increased CPU usage tell and remain undetected.