Date: Tue, 12 Mar 2024 16:12:33 +0200
Fine, please go to the hacker mailing list and shitpost there. I fail to see what you are contributing to the discussion.
On Tue, Mar 12, 2024, at 16:06, Tiago Freire wrote:
>> That is a straw man argument.
>> If you had amazon.com as your home it should not have passed code review and merge request, along with whatever security audit tooling your build system should run anyways.
>
> It's not a strawman. A standard is not just for you, it is for everyone.
> Including people who do open-source projects, and whose working
> environment isn't as closely monitored as you may think.
> Even in your closed environment I can think of extremely easy ways to
> hide malicious constexpr payload to take over your entire company and
> you wouldn't even notice in a PR.
> And that's just 5 minutes thinking about the problem, imagine what a
> motivated malicious actor with enough time and resources could achieve.
>
> And why would I want to do this to begin with?
Received on 2024-03-12 14:12:56