Comment Re:Attack by prononymous? (Score 1) 143
I have a sourceforge project. All I did was pull down the repo to another location and run a diff on my working repo and the one I pulled down. There were no unexpected differences. I'm struggling to see why this is so hard to understand. It's simple to figure out if your project has changed in an unexpected way. It also easy to overwrite the repository on the sourceforge server with a clean one if you are suspicious.
Seriously, an attack this public will not catch out many projects. And I fail to see how someone would be able to "prove" that a project stole code when it's been made so public that SF was compromised. Just that fact would cast a huge amount of doubt over that sort of claim. Especially when one of the developers hands over an untainted version from their home machine for inspection.