Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Monero to Supply Chain Compromises #822

Closed
maltfield opened this issue Nov 27, 2021 · 7 comments · Fixed by #967
Closed

Add Monero to Supply Chain Compromises #822

maltfield opened this issue Nov 27, 2021 · 7 comments · Fixed by #967
Labels
good first issue Good for newcomers help wanted Extra attention is needed

Comments

@maltfield
Copy link

maltfield commented Nov 27, 2021
edited
Loading

This curated list of Supply Chain Compromises is awesome, thanks for maintaining it!

I noticed that the Monero wallet's compromised release from 2019-11-18 is not listed in this repo.

Considering that Monero is widely considered to be the most popular/secure privacy cryptocurrency, it's easily one of the most security-critical packages that you wouldn't want to become victim to supply chain attacks..

Fortunately, they did have release signing in-place, so users were quickly able to identify the issue and address it. But it's yet another cautionary tale for project maintainers that blindly trust their infrastructure.

Further reading on this incident:
@maltfield maltfield changed the title Add Monero Add Monero to Supply Chain Compromises Nov 27, 2021
@stale
Copy link

stale bot commented Jan 28, 2022

This issue has been automatically marked as inactive because it has not had recent activity.

@stale stale bot added the inactive No activity on issue/PR label Jan 28, 2022
@lumjjb lumjjb added good first issue Good for newcomers help wanted Extra attention is needed labels Feb 16, 2022
@stale stale bot removed the inactive No activity on issue/PR label Feb 16, 2022
@lumjjb
Copy link
Contributor

lumjjb commented Feb 16, 2022

@maltfield thanks for opening the issue - would you be willing to make a PR for this?

@stale
Copy link

stale bot commented Apr 17, 2022

This issue has been automatically marked as inactive because it has not had recent activity.

@stale stale bot added the inactive No activity on issue/PR label Apr 17, 2022
@krol3
Copy link
Contributor

krol3 commented Jun 11, 2022

@lumjjb I would like to help to do this PR

@stale stale bot removed the inactive No activity on issue/PR label Jun 11, 2022
@Rishit-dagli Rishit-dagli mentioned this issue Aug 3, 2022
Merged
@stale
Copy link

stale bot commented Aug 12, 2022

This issue has been automatically marked as inactive because it has not had recent activity.

@stale stale bot added the inactive No activity on issue/PR label Aug 12, 2022
@maltfield
Copy link
Author

@lumjjb can the PR be reviewed so this can be closed?

@stale stale bot removed the inactive No activity on issue/PR label Aug 14, 2022
@lumjjb
Copy link
Contributor

lumjjb commented Aug 14, 2022

sorry that i missed this - i added a comment and updated the branch.

Once we address the comments and CI passes ill merge it!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Good for newcomers help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add Monero to Supply Chain Compromises Rishit-dagli/tag-security
3 participants
@lumjjb @maltfield @krol3