by codedrift_ 279 days ago
> To achieve this, we require that packages are built on a trusted CI/CD platform

Given what happened with NX [1], I'm hoping GitHub Actions disallows certain types of commands in their YAML. Otherwise we still have a straightforward way to attach provenance to malicious code. =\

1: https://x.com/adnanthekhan/status/1958722939534417989