@swelljoe So these are potential targets for zero day or places where zero days might be inserted? I could see the bitchy/snarky comments being a script to get someone to say screw of you do it.
@James in this case "Jia Tan" who volunteered to "help" around the same time as all the complaining was happening made a bunch of mostly legitimate commits, but also eventually built in a backdoor. It was quite well-hidden, and passed through most of the checks that might catch sloppier or less well-planned attacks (the `ifunc` patch was clearly to provide a plausible excuse for disabling sanitizers). They spent almost two years taking more control of the project and inserting the backdoor.
Gregory's Server
@James in this case "Jia Tan" who volunteered to "help" around the same time as all the complaining was happening made a bunch of mostly legitimate commits, but also eventually built in a backdoor. It was quite well-hidden, and passed through most of the checks that might catch sloppier or less well-planned attacks (the `ifunc` patch was clearly to provide a plausible excuse for disabling sanitizers). They spent almost two years taking more control of the project and inserting the backdoor.