The Windows version of Transmission-qt does not allow one to completely disable seeding. Little bellwethers go a long way in identifying poor applications.
I love Transmission, although nowadays I rarely use it. But this is really disconcerting to have happened twice this year, which means the developers aren't really doing well on the security front. Since it's open source, why don't they just move to Github Pages for hosting and Github for development? (Gitlab is great too!) Self hosting Trac and website, plus self hosted Jenkins from my understanding, leaves so many attack vectors.
5 comments
[ 3.2 ms ] story [ 24.7 ms ] threadPreviously: https://news.ycombinator.com/item?id=11234589
If so, chances are we will see this happen again. Adding a payload to an open source project and signing it with a new key is not rocket science.