I think the exploit you demonstrate in your video is pretty reasonable/realistic. There are plenty of times where I eyeball a repo in the GitHub UI before downloading it since I want to know what's happening under the hood for trust reasons. And this def throws a little bit of a wrench into that process.