cncf / tag-security

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
https://tag-security.cncf.io

Add Monero to Supply Chain Compromises #822

Closed maltfield closed 2 years ago

maltfield commented 2 years ago

This curated list of Supply Chain Compromises is awesome, thanks for maintaining it!

I noticed that the Monero wallet's compromised release from 2019-11-18 is not listed in this repo.

Considering that Monero is widely considered to be the most popular/secure privacy cryptocurrency, it's easily one of the most security-critical packages that you wouldn't want to become victim to supply chain attacks.

Fortunately, they did have release signing in-place, so users were quickly able to identify the issue and address it. But it's yet another cautionary tale for project maintainers that blindly trust their infrastructure.

Further reading on this incident:
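The check that comment relies on, as an added example that is not code from this page, the TAG, or the Monero project: a small verifier for a release manifest in `sha256sum` output format ("<hex digest>  <filename>"). It assumes the project publishes such a manifest and that the manifest's own signature has already been verified (for instance with `gpg --verify`) before the digests in it are trusted; the manifest text, file contents and filename in the block are constructed placeholders, not real release data.

```python
"""Verify downloaded release files against a sha256sum-style manifest.

Added example, not code from the page or from the Monero project. It assumes
the manifest has already passed signature verification; what it demonstrates
is the step after that: a swapped binary no longer matches the signed digest.
All manifest lines and file bytes here are constructed for illustration.
"""
import hashlib
import re
from typing import Dict, List, Tuple

# One manifest line: 64 hex chars, whitespace, optional "*" (sha256sum binary
# mode marker), then the filename.
_LINE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(\S.*)$")


def sha256_hex(data: bytes) -> str:
    """Lowercase hex SHA-256 of the given bytes."""
    return hashlib.sha256(data).hexdigest()


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse "<sha256>  <filename>" lines into {filename: digest}.

    Blank lines and '#' comments are skipped. A malformed line or a duplicate
    filename raises ValueError rather than being silently ignored, because a
    manifest that cannot be fully parsed should not be trusted at all.
    """
    entries: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"manifest line {lineno} is malformed: {raw!r}")
        digest, name = m.group(1).lower(), m.group(2)
        if name in entries:
            raise ValueError(f"duplicate manifest entry for {name!r}")
        entries[name] = digest
    return entries


def verify_files(manifest: Dict[str, str],
                 files: Dict[str, bytes]) -> Tuple[List[str], List[str], List[str]]:
    """Compare downloaded files against the manifest.

    Returns (ok, mismatched, unlisted): files whose digest matches, files whose
    digest differs (the compromised-release case), and files the manifest does
    not mention at all (which must not be treated as verified either).
    """
    ok: List[str] = []
    mismatched: List[str] = []
    unlisted: List[str] = []
    for name, data in files.items():
        expected = manifest.get(name)
        if expected is None:
            unlisted.append(name)
        elif sha256_hex(data) == expected:
            ok.append(name)
        else:
            mismatched.append(name)
    return sorted(ok), sorted(mismatched), sorted(unlisted)


def demo() -> Tuple[List[str], List[str], List[str]]:
    """Constructed scenario: the signed manifest lists the genuine archive,
    but the bytes actually served from the download host have been altered."""
    genuine = b"constructed placeholder for a genuine release archive\n"
    served = genuine + b"constructed extra bytes simulating a swapped binary\n"
    manifest = parse_manifest(
        "# constructed manifest, assumed already signature-verified\n"
        f"{sha256_hex(genuine)}  release-archive.tar.bz2\n"
    )
    return verify_files(manifest, {"release-archive.tar.bz2": served})


if __name__ == "__main__":
    ok, bad, unlisted = demo()
    print("verified:  ", ok)
    print("MISMATCH:  ", bad)
    print("not listed:", unlisted)
```

The verifier deliberately reports unlisted files separately from mismatches: a file the manifest never covered has no integrity claim behind it, and treating "no entry" as "no error" is the kind of silent pass that lets a swapped artifact through.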

stale[bot] commented 2 years ago

This issue has been automatically marked as inactive because it has not had recent activity.

lumjjb commented 2 years ago

@maltfield thanks for opening the issue - would you be willing to make a PR for this?

stale[bot] commented 2 years ago

This issue has been automatically marked as inactive because it has not had recent activity.

krol3 commented 2 years ago

@lumjjb I would like to help to do this PR

stale[bot] commented 2 years ago

This issue has been automatically marked as inactive because it has not had recent activity.

maltfield commented 2 years ago

@lumjjb can the PR be reviewed so this can be closed?

lumjjb commented 2 years ago

Sorry that I missed this - I added a comment and updated the branch.

Once we address the comments and CI passes I'll merge it!