by marcus_holmes
2707 days ago
> why the generalization? A lot of package managers have been serviceable for decades, their security model based solely on verifying the maintainer identity with clients deciding which maintainer to trust.

What happens when the maintainer of a package changes? The big problem I see happening is maintainers getting burned out and abandoning their packages, and someone else taking over. You might trust the original maintainer, but do you get notified of every change in maintainer?