As always, hundreds watch the open repositories, maybe one watches a company's b...

TylerE · 2025-11-17T19:42:28 1763408548

Hundreds watch, but how closely?

Plenty of stories of fairly major projects having evil commits snuck in that remain for months.

alphager · 2025-11-17T23:57:18 1763423838

Name a few.

TylerE · 2025-11-18T01:39:01 1763429941

https://en.wikipedia.org/wiki/XZ_Utils_backdoor

https://medium.com/@aleksamajkic/fake-sms-how-deep-does-the-...

https://blog.linuxmint.com/?p=2994

https://www.bleepingcomputer.com/news/linux/malicious-packag...

https://www.cnx-software.com/2021/04/22/phd-students-willful...

I could go on but I trust this is a sufficient number of examples.

pona-a · 2025-11-18T14:46:39 1763477199

Only two of these were actual malicious commits. Two others were malware inserted into the repositories (if Twitter could be thought of as a meta-repo), which is bad but not on the same scale.

dxxvi · 2025-11-19T04:25:09 1763526309

I wonder why nowhere talked about who Jia Tan was. In my understanding, a few people already talked to that person. Now, does Jia Tan really vanish?