by
Trasmatta
1913 days ago
That's a good idea generally, but it wouldn't have saved you from this issue. The gem had an MIT license, and the offending file was copied in, not sourced through a dependency.
2 comments
hakre
1910 days ago
Depends on the process. If assigning a license means that there is a review of the dependency before use, this is normally seen.
mooreds
1913 days ago
Gotcha, fair point. I should have read deeper; I only read the Rails issue, but should have dove into the mimemagic one. My bad.