Hacker News
by guappa 584 days ago
Blame it on Go dependency lists and similar.

What do you even review when it's one of those? There's thousands of lines changed and they all point to commits on other repositories.

You're essentially hoping it's fine.

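The practical answer to "what do you even review" in a dependency-list diff is that most of the changed lines are noise and a handful are not. This added example (my own code, not anything posted in the thread) triages a Go `go.sum` diff into the three things worth a human look: a brand-new module (a new party you now trust), a version bump of a module you already use (review its release diff, not the hash), and a changed hash for the same module@version, which should never occur in a legitimate update because checksum-database entries are immutable. Both `go.sum` files below are constructed sample data with obviously fake hashes; the format itself (`<module> <version>[/go.mod] h1:<hash>`) is the real one.

```python
"""Triage a go.sum diff: separate what merits review from what does not.

Added example, not from the thread. OLD_GOSUM and NEW_GOSUM are constructed
sample data; the "hashes" are placeholders, not real module checksums.
"""
from collections import defaultdict

# Constructed: the go.sum before the dependency update
OLD_GOSUM = """\
github.com/example/liba v1.2.0 h1:CONSTRUCTEDhashAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
github.com/example/liba v1.2.0/go.mod h1:CONSTRUCTEDhashBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
github.com/example/libb v0.9.1 h1:CONSTRUCTEDhashCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC=
github.com/example/libb v0.9.1/go.mod h1:CONSTRUCTEDhashDDDDDDDDDDDDDDDDDDDDDDDDDDDD=
"""

# Constructed: the go.sum after the update. It bumps liba, adds newdep, and
# (deliberately, to exercise the check) changes the hash of libb v0.9.1.
NEW_GOSUM = """\
github.com/example/liba v1.2.0 h1:CONSTRUCTEDhashAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
github.com/example/liba v1.2.0/go.mod h1:CONSTRUCTEDhashBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
github.com/example/liba v1.3.0 h1:CONSTRUCTEDhashEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE=
github.com/example/liba v1.3.0/go.mod h1:CONSTRUCTEDhashFFFFFFFFFFFFFFFFFFFFFFFFFFFF=
github.com/example/libb v0.9.1 h1:TAMPEREDhashXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
github.com/example/libb v0.9.1/go.mod h1:CONSTRUCTEDhashDDDDDDDDDDDDDDDDDDDDDDDDDDDD=
github.com/example/newdep v0.1.0 h1:CONSTRUCTEDhashGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG=
github.com/example/newdep v0.1.0/go.mod h1:CONSTRUCTEDhashHHHHHHHHHHHHHHHHHHHHHHHHHHHH=
"""


def parse_gosum(text):
    """Map (module, version-key) -> hash; version-key keeps any '/go.mod' suffix."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 3 or not parts[2].startswith("h1:"):
            raise ValueError(f"malformed go.sum line {lineno}: {line!r}")
        module, version, digest = parts
        entries[(module, version)] = digest
    return entries


def triage(old_text, new_text):
    """Classify the differences between two go.sum files for review."""
    old = parse_gosum(old_text)
    new = parse_gosum(new_text)

    # Same module@version, different hash. Checksum-db entries never change,
    # so a legitimate update cannot produce this; it goes to the top of the list.
    hash_mismatches = sorted(k for k in old.keys() & new.keys() if old[k] != new[k])

    # Modules that did not appear in the old file at all: a new trust relationship.
    old_modules = {m for m, _ in old}
    new_modules = sorted({m for m, _ in new} - old_modules)

    # New versions of modules already depended on; the release diff is what to read.
    bumped = defaultdict(list)
    for module, version in new.keys() - old.keys():
        if module in old_modules and not version.endswith("/go.mod"):
            bumped[module].append(version)

    return {
        "hash_mismatches": hash_mismatches,
        "new_modules": new_modules,
        "version_bumps": {m: sorted(v) for m, v in bumped.items()},
    }


if __name__ == "__main__":
    report = triage(OLD_GOSUM, NEW_GOSUM)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run on the constructed files, the report flags `libb v0.9.1` as a hash mismatch, `newdep` as a new module and `liba` as bumped to `v1.3.0`; everything else in the diff is routine and needs no attention. The same split (immutable-entry mismatch, new party, version bump) transfers to any lockfile that records content hashes.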

Shipping code to production without evidence anyone credible has reviewed it at a minimum is negligence.

You're claiming here that you do a review of all of your dependencies?

For security critical projects, of course. I even reproducibly bootstrap my own compilers and interpreters.