On Thursday, 28 July 2022 at 16:45:55 UTC, pascal111 wrote:

Aha! "In theory, someone could inject bad code", you admit my theory.

The code would need to work and pass merge tests too. The merge reason must match in review. If someone fixes a task and additionally adds 100 LOC, someone should, and will, ask what this is about.

It's an extremely unlikely scenario. You may have heard of the Linux kernel source containing code that no one exactly knows about. But this is some kind of bait. It's old code, reviewed years ago, not needed anymore but not known to be harmful. Completely different.

Anyway, code old or new may be harmful if it allows UB (undefined behaviour), and that is what hackers primarily use, not secret backdoors. This is why it's important to write CORRECT software that doesn't allow UB and cannot fall into a state of UB.
