At the risk of sounding like a broken record, we have YET ANOTHER trojan in the source code of an open-source project. This time it struck close to home for me, as the trojan was in the Gentoo portage sources of libpcap and tcpdump. Details are here.
Man, WTF is up with all these source trojans in the last 6 months? I've been busy with other things for the last month or so and haven't had much time for AO and computer stuff. Are these trojans believed to be by the same person or group, or are they just copycat incidents?
More importantly, is the source code that we have prided ourselves on for so long now turning into an Achilles heel for the *nix world with all these trojans?