there have been several attempts to compromise source distributions over the years. Many of them have succeeded in getting bad code into high-profile packages. But none of these attacks - so far as we know - have escaped detection for any significant period of timeWell, yes - how do you know that no such thing exists?? Anybody who has done it will surely be careful not to cause alarm when exploiting it.
BTW, it is also possible and likely that some developer somewhere has done a similar thing. I dimly remember one occasion a few years ago when such a developer backdoor was detected, can't remember any details though...
Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds