Hacker News
by stairlane 700 days ago
Hopefully this also introduces standardized auditing of open-source packages. Just because something is open source doesn’t mean it’s altruistic and not susceptible to malicious actors submitting seemingly innocuous code that gives bad actors a back door.

The xz fiasco earlier this year should encourage every organization to conduct such audits. A code smell could and should be enough for packages to not be supported.