Probably good advice for lots of things these days given supply chain attacks targeting build scripts, git, etc.