Quote:
Originally Posted by htismaqe
So I ask again, why does it matter if Sourceforge has been compromised?
1. It can allow a 3rd party to take over a project and push out malicious code.
2. Although software that they host is open source, most people do not check MD5 checksums of the software that they download, few check that the available executable matches one compiled independently, and few have the capability to audit the millions of lines of code of each version.
Thus, when the chain of trust is potentially broken (such as when SourceForge has been compromised), then any software hosted from the site becomes potentially suspect and should be viewed with suspicion.