alt Hacker News> proper easter eggs don't introduce security issues
Proper code doesn't either, and yet there they are! The point is they added another attack surface, however small, and another code path that should be tested.
When people started to care about 100% test coverage, they started to disappear.
> The point is they added another attack surface, however small, and another code path that should be tested.
I dunno, "attack surface" to me means "facilitate opening/vulnerability somehow" and none of the easter egg code I've seen has done that. You have any concrete examples where a easter egg made possible a security vulnerability that wouldn't be possible otherwise?
But yes, another code path created by easter eggs that wasn't tested I've seen countless of times, but never been an issue, but maybe our easter eggs always been too small in scope for that.