Removing D embedded in HTML feature

[Anders Bergh]

On Tue, Apr 1, 2008 at 8:21 AM, JMNorris <nospam at nospam.com> wrote:
>  Funny, but I'm not too worried about this one.  I've compiled and
>  installed code on that I haven't read--including the Linux kernel.
>  Many others have too.  I've never heard of any open source Trojan
>  horses.  Malware authors seem more likely to scour open source code for
>  bugs they can expoit than to try hiding malware within open source
>  code.  Perhaps though the victim thinking that he's read the source code
>  when you've actually read something else might make this exploit more
>  enticing to a malware author than normal open source code.
>
>  --
>  JMNorris
>

Yes, perhaps this is a bit paranoid. Actually, strike "perhaps". The
source to the Linux kernel tends to come from a trusted place, but
your "copy/paste tutorial" site might not. The point is with the HTML
feature you can very easily do something bad, even though the code
looks OK (because you're not looking hard enough).

Anders