Hacker News new | ask | show | jobs
by dchest 110 days ago
How is _your_ supply chain a concern of this open source developer?
2 comments
ZeroAurora 110 days ago
_My_ supply chain is not a big deal, lol. But this is HTTPX. A network library that has a considerable number of users.

When I say _considerable_, I'm essentially saying _nearly every_ big tech. The one I can tell for sure is OpenAI (not a fan of them though).

Remember xz attack?

link
dchest 110 days ago
Why can nearly every big tech take care of their supply chain? :)

Clearly, the maintainer doesn't want to do this job anymore, and it's not a requirement when releasing your code to also do stuff unrelated to programming.

link
nijave 105 days ago
The parent poster never said it was. They just claimed it's risky for them which I agree with
link