Hacker News new | ask | show | jobs
by cryptarch 3336 days ago
But you can read the dependency list or even the code and decide whether to use it or not?
1 comments
pjmlp 3336 days ago
Not in the presence of binary dependencies.

Also the amount of CVEs in FOSS projects show that even the process of code review for patches isn't enough.

link
mixedCase 3335 days ago
You mean, in projects written in languages that are unsafe from beginning to end rather than in small blocks?
link
pjmlp 3335 days ago
I agree, just stating that plain code review isn't enough.

Those patches also come in small blocks.

link