by diggan 1473 days ago
> They fix a problem that shouldn't exist

Shouldn't exist because why? Because people should just be nice?

Supply-chain attacks are a real vector, one that seems to be able to have a larger impact by each day, as the OSS ecosystem grows and the dependency on using dependencies grows.

People want to be able to use 3rd party packages, like we've been doing for quite some time now. But there are a lot of them, and no (easy) way to manage exactly which ones are "good" vs not, without manually going through each one of them, for each project.