Hacker News new | past | comments | ask | show | jobs | submit login

Technically, yes you can. But do you really have the time to sit down to understand a piece of software enough to know if it's doing anything nefarious?



It only takes one obfuscated line of code buried somewhere deep where you wouldn't expect it.


True. But I think they have the means to do that on a lot of (non-russia-associated) repositories. They even probably wouldn't pick this one because it's under too much scrutiny.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: