This is an automated archive made by the Lemmit Bot.

The original was posted on /r/opensource by /u/tannercub on 2024-04-07 19:51:41.
I was under the impression (maybe incorrectly) that open source software was a secure process. The process seems to be that someone can suggest code changes and eventually contribute to big open source projects.

Is there a vetting process for this? What is to stop bad actors from gaining trust over a period of time and then contributing malicious code (like the SSH one Freund discovered)?

I am probably missing major parts of the process, but this seems too simple for many people to exploit.