Date: Tue, 12 Mar 2024 14:06:00 +0000
> That is a straw man argument.
> If you had amazon.com as your home it should not have passed code review and merge request, along with whatever security audit tooling your build system should run anyways.
Its not a strawman. A standard is not just for you, it is for everyone. Including people who do open-source projects, and whose working environment isn't as closely monitored as you may think.
Even in your closed environment I can think of extremely easy ways to hide malicious constexpr payload to take over your entire company and you wouldn't even notice in a PR.
And that's just 5 minutes thinking about the problem, imagine what a motivated malicious actor with enough time and resources could achieve.
And why would I want to do this to begin with?
> If you had amazon.com as your home it should not have passed code review and merge request, along with whatever security audit tooling your build system should run anyways.
Its not a strawman. A standard is not just for you, it is for everyone. Including people who do open-source projects, and whose working environment isn't as closely monitored as you may think.
Even in your closed environment I can think of extremely easy ways to hide malicious constexpr payload to take over your entire company and you wouldn't even notice in a PR.
And that's just 5 minutes thinking about the problem, imagine what a motivated malicious actor with enough time and resources could achieve.
And why would I want to do this to begin with?
Received on 2024-03-12 14:06:03