Y
Hacker News
new
|
ask
|
show
|
jobs
by
throwawaysoxjje
290 days ago
Am I getting bubblewrap somewhere other than my distro? What makes it different from any other executable that comes from there?
1 comments
shermantanktop
289 days ago
Nothing. Does your threat model assume 100% trust in your distro? I understand saying you trust it a lot more than the garbage on npm. But if your trust is anything less than 100%, you are balancing risk and benefit.
link