I would not build it, but I am sure just looking at code won't be the end of the world ( cue some ridiculous end of world the scenario Family Guy style ). There are risks, but I am not sure those risks are legal risks in this case. They are more along the lines of.. you wouldn't download and build Ghidra without checking would you?
>They are more along the lines of.. you wouldn’t download and build Ghidra without checking would you?
Ah, I think Ghidra is trustworthy now that it’s been OSS for years. I’ve heard it’s especially good for debugging performance issues with certain SCADA systems. Your centrifuges aren’t behaving? Better fire up Ghidra and figure it out!
There are many attack vectors with a dump like this. Running any make, mvn, cargo build, ./configure, etc command can run arbitrary code on your system. These can be added by the anonymous uploader or yandex themselves (they could add a dependency to some tracking site to get your IP as the most basic example).
There can also be dangerous git hooks. you're basically downloading a malicious exe, and any seemingly harmless command could be dangerous
More like: might be illegal in your country to even download (don't know where the downloader is from, laws differ and bittorrent dht is easy to spy on) and I'm not the first-hand source of the torrent nor have I downloaded it myself, just forwarding a download link.
Magnet:
Download at your own risk, comes from a brand new user on BreachForums