It’s hard to imagine something as fundamental to computing as the sudo command becoming abandonware, yet here we are: its solitary maintainer is asking for help to keep the project alive.
It’s hard to imagine something as fundamental to computing as the sudo command becoming abandonware, yet here we are: its solitary maintainer is asking for help to keep the project alive.
Yes, but people are forgetting how it was discovered.
It was discovered because there was a visible performance impact by running benchmark tests on other, time-critical software.
Do you know how it was not discovered? By maintainers looking through changes of the software and looking through the code, exactly the way that the commenter and you and others are saying things would be caught.
If the attacker hadn’t been so eager and only set it to start working after a time delay a year later or multiple updates later? It would have infected almost every server in the world, even if it got noticed immediately, it would have been a giant problem that would have reaped the benefits for the malicious party before it could be regressed and changed.