by lstamour 2312 days ago
The paranoid in me says there’s no point in installing the web store version unless you download and inspect /it/. The source code published isn’t necessarily the version distributed, though obviously injecting code in the CI pipeline would be... excessive. This goes back to the trusting trust problem. https://www.schneier.com/blog/archives/2006/01/countering_tr... If someone managed to slip an exploit into a release of webpack, well, there goes the Internet ;-)