#开源项目
又一种很“新颖”的往开源项目里下毒的手法:有人对Python 包 ultralytics 发了 PR,其中包含如图分支名,当 GitHub 执行 CI 任务时,执行脚本获得仓库密钥,进而在发布包中植入加密货币挖矿程序
https://lwn.net/Articles/1001215/
BY codedump的电报频道
If riding a bucking bronco is your idea of fun, you’re going to love what the stock market has in store. Consider this past week’s ride a preview.The week’s action didn’t look like much, if you didn’t know better. The Dow Jones Industrial Average rose 213.12 points or 0.6%, while the S&P 500 advanced 0.5%, and the Nasdaq Composite ended little changed.
The seemingly negative pandemic effects and resource/product shortages are encouraging and allowing organizations to innovate and change.The news of cash-rich organizations getting ready for the post-Covid growth economy is a sign of more than capital spending plans. Cash provides a cushion for risk-taking and a tool for growth.
telegram from sg