|
|
|
|
|
|
by marwis
982 days ago
|
|
|
Same thing with Java Security Manager which is in the process of being removed with no replacement. Unfortunately supply chain security is incompatible with developer convenience. At least not without a lot of work to make it bearable. We will have to suffer through a lot worse attacks than now before people will take it serious (most developers likely never but governments will at some point intervene - see EU's CSA). |
|
|
Back then, you often just ran VS as local admin, supply chain attacks weren't a 'real' thing most of the time, so NBD.
So then you try to deploy your app, and discover the joys of signed assemblies.
And you -make absolutely sure- when you leave, you give instructions to rebuild the whole pipeline if need be.
TBH at least we knew there was the polite illusion of a sandbox...