Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

How would they create that noise?


Depends on the level of infiltration I guess. If the attacker managed to get themselves into a trusted position, as with the XZ backdoor, they could use the official communication channels of the project and possibility even file a CVE.

If it's "only" technical access, it would probably be harder.


If they file a CVE, they will draw a lot of attention from experts to the project. Even from people who never heard from this package before.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: