by m4rtink
1772 days ago
Maybe if you drink from the NPM/PyPI firehose without checking (as too many do, unfortunately). For regular Linux distributions there are maintainers updating packages from upstream source who can spot malicious changes slipped in upstream. And if maintainers in one distro don't notice, it is likely some in another distro will. And there are LTS/enterprise distros where upstream changes take much longer to get in and the distro does not change much after release, making it even less likely a sudden malicious change will get in unnoticed.