Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

>Have you audited that compiler's source and building the compiler from it with a known good compiler? Are you inspecting the resulting .pyc, and in this case, the resulting PEs? It's a super easy way to inject a compromise into a package that will probably get widely distributed.

Because nobody is that paranoid?



And if they are, they probably aren't in the business of distributing precompiled binaries.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: