• KillingTimeItself@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    2
    ·
    8 months ago

    as a non developer myself, to my understanding, the vulnerabilities were implemented in test binaries?

    If so, i question why those were shipped to the client. Unless they were built into the package itself on the mirror, in which case, still curious as to why that would be. I would think tests are entirely benign and do nothing. Seems like it would be incredibly bad practice to do otherwise?

    Seems like an obvious vector to shutdown any potential fuckery. But what do i fucking know.