Official releases of the Transmission BitTorrent client might be compromised? (github.com/transmission)
61 points by Reubend on Nov 10, 2023 | 16 comments



When multiple people report your app release as having a keylogger, maybe don't get super defensive and actually investigate? They (two of the three lead devs) seem to just be repeating "that's not in the source code" over and over as if that excuses a supply chain compromise...


The maintainers' response and unwillingness to investigate or ask for more information is really disappointing. Perhaps it's because they're hit by false positive fatigue? But, still... an odd conversation there.


It's scary how much of the software supply chain we assume is safe. We pull stuff off of GitHub, Docker Hub, npm all the time simply trusting the author isn't up to no good and that the source hasn't been compromised.


Loving the enthusiasm in which this is addressed on the issue thread.


The project members dismiss the concerns. Are you talking about the reporters?


Strikes as clueless developers right there, may have to reconsider choice of software...


Redacted title. Maybe that's OK because the original title is really meaningless out of context. But at least it could mention Windows, as a Linux user I don't need to care.

(Not claiming that Linux is inherently more secure in this aspect. Packages are typically installed as root and a bad package can have fatal consequences. The bug does not discuss whether their Windows installer is signed and who signed it.)


Although, this is not the first time malware has been bundled with Transmission. It's not even the second time.

You have to start wondering about their overall approach to security.


Not sayin you're makin it up, but if you have sources about previous malware in Transmission, I'd like to see



Kinda crazy that despite this Transmission devs are acting the way they are


Is mikedld serious? The evidence in that thread is overwhelming


Seems to happen pretty regularly


It’s funny too because you have to pay for Transmission before Panic says you should pay $48 extra to be a pirate


Are you thinking of Transit?



