• FizzyOrange@programming.dev
    link
    fedilink
    arrow-up
    5
    ·
    7 months ago

    If the build scripts were tiny and checked then the attack vector would have just been different, I’m not even too sure the language mattered.

    I have to disagree here. Maybe they would have found another way, but it would have been a more obvious way, which is a very good thing.

    Yes it would have still been compromised but it may have been detected earlier. So it’s still pretty bad to have these incomprehensible build scripts.

    • Metype @lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      7 months ago

      I’m not saying incomprehensible build scripts are good here, my mistake for making it seem that way. I’m not confident that hiding it elsewhere would have been strictly more obvious but it absolutely could have been.

      I’ve done some pretty complex C projects and haven’t had build scripts nearly that large. This one seems particularly unwieldy and certainly helped the attacker.