by Findecanor
1680 days ago
Another approach would be to harden the software supply chain by requiring that dependencies and side-effects are entitlements in metadata that are visible and would need to be approved by the programmer that imports the module. There are already some frameworks out there that use signed metadata and databases to track code and where code comes from.
But on the source code level, I think the metadata could just be extracted from the existing Crate metadata and source code.