by practorz
271 days ago
>In any case, if the choice is “frequent supply chain compromise, take it or leave it”, the answer is of course “leave it”.

There's another choice: vendor your dependencies and manually review and vet updates.
That solves all your problems, no need for "trusted third parties", you are the one vetting it, only need to trust yourself.
Fix it early so the user does not have to deal with the complexity is most often the best approach.