
I definitely agree with this advice in general, but as it so happens, users who installed HandBrake via Homebrew (a package manager for macOS) were affected by this too because the hash for the latest version of HandBrake was changed to the infected version[1]. Still, package managers definitely make it harder for the attacker in most cases.

[1]: https://github.com/caskroom/homebrew-cask/pull/33354



Wow, that's a strangely aggressive reply from one of the contributors on that thread. And then he said:

> 99% of the time these hash changes are innocent

That's actually not very good at all and proves they shouldn't just trust hash changes! Very odd.
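Added example, not part of the thread and not Homebrew's own tooling: a small Ruby check that compares the old and new text of a cask file and flags the case discussed above, where the `sha256` changes while the `version` stays the same. The function names, the `exampleapp` cask, the URL and the hashes are all constructed for illustration.

```ruby
# Classify a cask update by comparing the old and new definitions.
# Hypothetical helper names; sample cask text is constructed, not real data.

FIELDS = %w[version sha256].freeze

# Extract the first quoted string following each stanza name.
# Symbol values such as `sha256 :no_check` yield nil.
def cask_fields(text)
  FIELDS.map do |name|
    m = text.match(/^\s*#{name}\s+['"]([^'"]+)['"]/)
    [name, m && m[1]]
  end.to_h
end

# :unchanged      - neither version nor checksum changed
# :version_bump   - both changed, the normal shape of a release
# :checksum_only  - same version, new checksum: the upstream file was replaced
# :stale_checksum - version changed but the checksum did not
# :no_checksum    - the new definition has no verifiable checksum
def classify_update(old_text, new_text)
  old = cask_fields(old_text)
  new = cask_fields(new_text)
  return :no_checksum if new['sha256'].nil?

  sha_changed = old['sha256'] != new['sha256']
  version_changed = old['version'] != new['version']
  return :unchanged unless sha_changed || version_changed
  return :version_bump if sha_changed && version_changed
  return :stale_checksum if version_changed

  :checksum_only
end

# Anything other than a normal release or a no-op needs a human to confirm
# the new artifact out of band (for example against a signed upstream release).
def needs_manual_review?(old_text, new_text)
  %i[checksum_only stale_checksum no_checksum].include?(classify_update(old_text, new_text))
end

# Constructed sample cask text for the demonstration.
def sample_cask(version, sha)
  <<~CASK
    cask 'exampleapp' do
      version '#{version}'
      sha256 '#{sha}'
      url 'https://example.invalid/ExampleApp-#{version}.dmg'
    end
  CASK
end

puts classify_update(sample_cask('1.0.7', 'a1' * 32), sample_cask('1.0.7', 'b2' * 32))
```
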



