Posted Dec 21, 2007 20:00 UTC (Fri) by giraffedata
In reply to: Technology support
Parent article: The backdooring of SquirrelMail
But that wouldn't be effective against what happened with Squirrelmail, since the code was changed after it came out of the source repository.
And it may not be effective against hackers who put code into source repositories either, because if you can get commit privilege on a Subversion server, you can probably also add a public key to a Monotone server or sign code as some authorized developer.
to post comments)