|
|
|
|
|
|
by st3fan
875 days ago
|
|
|
It is not about the domain. "It is not a good indicator of trustworthiness of the actual thing you download." I just downloaded something with malware from github.com. I indeed wanted to connect to github.com and I trust that it is Github.com. But again ... it did not say _anything_ about the trustworthyness of the _actual_ thing I did, which was to download an asset from that domain. That is my point. In the context of this discussion about downloading dependencies. |
|
|