by Macha 1814 days ago
Who says it's important to that maintainer that their project used as a build-time dependency has a vulnerability if provided untrusted user input?

What if it requires major upgrades of their framework or toolchain they don't want someone doing drive-by?

What if they require a CLA that your legal team won't let you sign?