Y
Hacker News
new
|
ask
|
show
|
jobs
by
angelbob
3698 days ago
I'm hoping there's an easy way to turn this off for the foreseeable future, to avoid all the obvious security holes this is likely to introduce.
1 comments
dvirsky
3698 days ago
You don't have to use it, and you should not use modules you don't trust.
link
angelbob
3698 days ago
In an ops-type capacity, I support developers. I keep up with news like this
specifically
to avoid winding up with modules somebody else trusts, but didn't inspect.
link
dvirsky
3698 days ago
What would be a must and should probably be a default, is not allowing to load modules using the network API, only via config file.
link