Three years ago, #FDroid had a similar kind of attempt as the #xz #backdoor. A new contributor submitted a merge request to improve the search, which was oft requested but the maintainers hadn't found time to work on. There was also pressure from other random accounts to merge it. In the end, it became clear that it added a #SQLinjection #vuln. In this case, we managed to catch it before it was merged. Since similar tactics were used, I think it's relevant now.

gitlab.com/fdroid/fdroidclient

Search improvements: Sort based on keyword matching and removed alphabetic sort (!889) · Merge requests · F-Droid / Client · GitLab
The search results are pretty unusable currently. So I've changed it to show apps in this order: App name matches keyword, summary matches keyword, description matches keyword. Also,...
Max von Webel

@eighthave @davidgerard Honestly: I think if he had bad intentions he probably would have just complied. To me this person sounded like an eager developer with too much ego and too little knowledge. But it was really interesting to read how close this MR was to being merged and how much damage it could have done, intentional or unintentional.