A supply chain attack doesn't directly attack an end developer but rather a supplier of the developer. So who or what is the supplier in this case?
An attack on any of these things has nothing specifically to do with the developers of Little Snitch and would have vastly more widespread and important effects.
Why would you even be talking about Little Snitch if a compiler were compromised?!? Your paranoia here is bizarrely narrow. Little Snitch would be the least of our problems in that case.
The comment was asking about preventing a compromised supplier for the developers.
A supply chain attack can be anywhere in the supply chain to the target. If I, the end user, am the target, then a supply chain attack compromising the developer of LittleSnitch is effective.
I may then be a conduit to compromising other software or components, and would both I and LittleSnitch would be part of the supply chain that could be attacked targeting them.
You're not a target, anonymous rando.
Are you going to have this same discussion about every piece of software every mentioned on Hacker News? Why are we having it for Little Snitch specifically?
No, not really. And I disagree with the premise, "They must be a target for the various hacking groups out there."
How would you even hack them? I'm a developer too; how would you hack me?
I'm not even going to respond to this ridiculousness.
I still don't know why anyone thinks that, among all developers in the world, a little indie Mac developer is getting targeted specifically.
There's not one single way, so, no, you're just hand-waving here.
