by chii 136 days ago
Why wouldn't those also become a target, if they would grow to be sizable?

And if they have prevention mechanisms, why can't existing supply chains be secured with similar prevention mechanisms, instead of funneling to a single package manager provider?


The supply chain for Notepad++ updates was a PHP script on a shared hosting account pointing to the URL of an executable file.

Surely someone with more resources and more sets of eyes could do better than that? AFAIK nobody has compromised Debian's APT repositories and Red Hat's RPM repositories yet.
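The contrast the comment draws, an updater that fetches whatever executable a server-side script points at versus repository-style signed metadata, as an added example in Go that is not from the thread or from Notepad++: the client verifies a release-key signature over an update manifest and the pinned digest of the download before anything is executed, so control of the web host alone is not enough to swap the payload. The manifest fields, the example.invalid URL and the demo keys are constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)
// Manifest is hypothetical update metadata: the artifact URL plus its pinned digest.
type Manifest struct {
	URL    string `json:"url"`
	SHA256 string `json:"sha256"`
}
// SignedManifest: manifest bytes plus a detached Ed25519 signature from the offline release key.
type SignedManifest struct{ Body, Sig []byte }
// SignManifest serializes and signs a manifest at release time (not on the web host).
func SignManifest(priv ed25519.PrivateKey, m Manifest) (SignedManifest, error) {
	body, err := json.Marshal(m)
	if err != nil {
		return SignedManifest{}, err
	}
	return SignedManifest{Body: body, Sig: ed25519.Sign(priv, body)}, nil
}

// VerifyUpdate runs on the client before a download is executed: the manifest
// must verify under the pinned public key and the payload must match its digest.
func VerifyUpdate(pub ed25519.PublicKey, sm SignedManifest, payload []byte) (Manifest, error) {
	var m Manifest
	if !ed25519.Verify(pub, sm.Body, sm.Sig) {
		return m, errors.New("manifest signature invalid: refusing update")
	}
	if err := json.Unmarshal(sm.Body, &m); err != nil {
		return m, err
	}
	if sum := sha256.Sum256(payload); hex.EncodeToString(sum[:]) != m.SHA256 {
		return m, errors.New("payload digest mismatch: refusing update")
	}
	return m, nil
}
func main() { // constructed demo: a real client embeds only the public key
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	sum := sha256.Sum256([]byte("constructed installer bytes"))
	sm, _ := SignManifest(priv, Manifest{"https://example.invalid/npp.exe", hex.EncodeToString(sum[:])})
	_, err := VerifyUpdate(pub, sm, []byte("swapped on a compromised host"))
	fmt.Println(err) // payload digest mismatch: refusing update
}
```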