Peter Todd @Peter Todd - 2d
10 years after I pointed out the risk of a Ripple backdoor due to Ripple not PGP signing their software or providing any other way to get it securely... there's a Ripple backdoor due to an npm compromise. 😂 https://github.com/petertodd/ripple-consensus-analysis-paper/blob/master/paper.pdf https://image.nostr.build/550b7f806d3e02fa054601c999b5959743a5aa49fe5a4dcd80ae4bdc27e8ed38.png https://image.nostr.build/2910d114fd064fbfe0b42d3b06dde40feabd9cf40450ac0a4b42df6f9ec4ec39.png
In fairness, at the moment my python-bitcoinlib library isn't PGP signed for most users because PyPI made the idiotic decision to phase out PGP signatures. But my hands are tied on that; the entire software industry is incompetent.
The Daniel ⚡️ @daniel - 2d
What are the chances these are actually intentional bugs created and inserted into boring and ubiquitous software libraries by NSA agents? We know this is a thing they actually (and proudly) do.