|
|
|
|
|
|
by imoverclocked
246 days ago
|
|
|
> The easiest way to verify that is by using a reproducible automated pipeline Conversely, this is also an attack surface. It can be easy to just hit "accept" on automated pipeline updates. New source for bash? Seems legit ... and the source built ... "yeah, ok." |
|
|