As always, hundreds watch the open repositories, maybe one watches a company's build servers, if they're lucky. :-)

Hundreds watch, but how closely?

Plenty of stories of fairly major projects having evil commits snuck in that remain for months.

Name a few.

	▲	TylerE 4 hours ago \| parent \| next [-]
		https://en.wikipedia.org/wiki/XZ_Utils_backdoor https://medium.com/@aleksamajkic/fake-sms-how-deep-does-the-... https://blog.linuxmint.com/?p=2994 https://www.bleepingcomputer.com/news/linux/malicious-packag... https://www.cnx-software.com/2021/04/22/phd-students-willful... I could go on but I trust this is a sufficient number of examples.
	▲	5 hours ago \| parent \| prev [-]
		[deleted]