by RulerOf 1284 days ago
I see this a lot and it really rubs me the wrong way, but it makes a lot of sense from a usability standpoint.

I started pointing directly at the full commit SHA of the version I want to use when pointing dependencies at GitHub repos, as I have some naïve belief that it'll offer me a reasonable level of protection from the malicious takeover of a repo.
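As an added example (not part of the comment above, and not code from any project it mentions): a small Python checker that audits dependency lines for the pinning style the commenter describes. It understands two common shapes, pip `git+` URLs from a requirements file and `uses:` lines from a GitHub Actions workflow, and reports every git-hosted dependency that is not pinned to a full 40-hex commit SHA. The regexes, function names and the sample input are all constructed for this illustration.

```python
import re

# A full commit SHA is immutable: once you have fetched it, nobody who later
# gains control of the repo can silently change what it refers to.
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
# Abbreviated SHAs are prefix matches; git resolves them against whatever
# objects exist at fetch time, so a takeover could introduce a colliding
# prefix. Treat them as weaker than a full SHA. (Caveat: a branch or tag
# that happens to be a hex string would be misreported here, as in git.)
SHORT_SHA = re.compile(r"^[0-9a-f]{7,39}$")

# pip style:  git+https://github.com/org/repo@<ref>#egg=name
#             git+ssh://git@github.com/org/repo@<ref>
PIP_GIT = re.compile(
    r"^git\+(?:https?|ssh)://(?:[^@/\s]+@)?[^@#\s]+(?:@(?P<ref>[^#\s]+))?"
)
# GitHub Actions style:  - uses: org/repo[/subpath]@<ref>
ACTION_USES = re.compile(
    r"^\s*-?\s*uses:\s*(?P<repo>[\w.-]+/[\w./-]+)(?:@(?P<ref>\S+))?"
)


def classify_ref(ref):
    """Classify the ref part of a dependency spec by how immutable it is."""
    if not ref:
        return "unpinned"        # no ref at all: default branch, fully mutable
    if FULL_SHA.match(ref):
        return "full-sha"        # the only form that cannot be repointed
    if SHORT_SHA.match(ref):
        return "short-sha"       # prefix match, collision-prone
    return "mutable-ref"         # branch or tag; tags can be moved or deleted


def classify_spec(line):
    """Return (kind, ref, verdict) for one dependency line, or None when the
    line is not a git-hosted dependency this checker understands."""
    line = line.strip()
    m = PIP_GIT.match(line)
    if m:
        return ("pip-git", m.group("ref"), classify_ref(m.group("ref")))
    m = ACTION_USES.match(line)
    if m:
        if m.group("repo").startswith("./"):
            return None          # local action in the same repo, not a fetch
        return ("gh-action", m.group("ref"), classify_ref(m.group("ref")))
    return None


def audit(text):
    """Return [(lineno, kind, ref, verdict)] for every git-hosted dependency
    in `text` that is not pinned to a full commit SHA."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        res = classify_spec(line)
        if res and res[2] != "full-sha":
            findings.append((n, *res))
    return findings


# Constructed sample input: fictitious org, repos and SHAs, mixing a
# requirements file and a workflow fragment to exercise both spec shapes.
SAMPLE = """\
# constructed sample, not a real project
git+https://github.com/example-org/libfoo@v1.4.2#egg=libfoo
git+https://github.com/example-org/libbar@3f2b9c1d6e8a7b5c4d3e2f1a0b9c8d7e6f5a4b3c#egg=libbar
git+https://github.com/example-org/libbaz@3f2b9c1#egg=libbaz
git+https://github.com/example-org/libqux#egg=libqux
somepkg==1.2.3
- uses: example-org/setup-thing@main
- uses: example-org/setup-thing@0123456789abcdef0123456789abcdef01234567
- uses: ./.github/actions/local-thing
"""

if __name__ == "__main__":
    for lineno, kind, ref, verdict in audit(SAMPLE):
        print(f"line {lineno}: {kind} ref={ref!r} -> {verdict}")
```

Two caveats worth keeping in mind when relying on this style of pinning. The SHA is only as trustworthy as the fetch that produced it, so take it from a clone you verified rather than from an untrusted lockfile. And while a full SHA stops an attacker from swapping in different code, a repo takeover can still force-push or delete so that the commit becomes unreachable, which turns the supply-chain risk into an availability one; keeping a mirror or a vendored copy covers that case.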