Hacker News
by aqueueaqueue 481 days ago
If the threat vector is the code owner is lying that their app is the same code as the repo, even downloading artefacts from that same report is risky. Even the code itself should be manually read and verified.