Y
Hacker News
new
|
ask
|
show
|
jobs
by
archargelod
1018 days ago
Even when you trust the repo owner, you can't trust their projects. Bad actor could still sibmit a PR with malicious code and it could be merged just by negligence.