I meant that the implication seems to be the code got there not by an authorised committer adding bad code, but by external party adjusting the SCM - the conversation seemed to be heading off into wilds of "code review practises"