by malikolivier 73 days ago
It is exactly to avoid this kind of issue that I decided to work on StableBuild. StableBuild pins and hosts a copy of your dependencies at a specific freeze date, so that your supply chain is never contaminated. This way, a compromised version published after your freeze date (even with the same version number!) would never reach your build.
1 comment
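The point the comment makes (a version number alone does not protect you from a re-published artifact that reuses it) is what content-hash pinning in a lockfile addresses. The following is an added, constructed example, not StableBuild's code and not any package manager's implementation: it records a SHA-256 per dependency at freeze time and rejects an artifact whose bytes differ from the recorded hash even when name and version match. The artifact bytes, package name and lockfile are all constructed for illustration.

```python
"""Constructed example: pin dependencies by content hash, not only by version.

A lockfile entry records (name, version, sha256) at freeze time. At build time
each fetched artifact is checked against that entry; a re-upload that keeps the
same version string but changes the bytes fails the hash check and is rejected.
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class PinnedDep:
    name: str
    version: str
    sha256: str  # hex digest recorded when the dependency set was frozen


class PinViolation(Exception):
    """Raised when a fetched artifact does not match its lockfile entry."""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed artifact bytes standing in for a package as it existed at freeze time.
ORIGINAL_ARTIFACT = (
    b"name: leftpad\nversion: 1.0.0\n"
    b"def leftpad(s, n): return s.rjust(n)\n"
)

# Constructed stand-in for a later re-upload under the SAME version string,
# with different content. A version-only pin cannot tell these two apart.
REPUBLISHED_ARTIFACT = (
    b"name: leftpad\nversion: 1.0.0\n"
    b"def leftpad(s, n): return s.rjust(n)\n"
    b"# extra code that was not present at freeze time\n"
)

# Constructed lockfile: the hash is computed from the original bytes, which is
# what a freeze step would record.
LOCKFILE = {
    "leftpad": PinnedDep("leftpad", "1.0.0", sha256_hex(ORIGINAL_ARTIFACT)),
}


def verify_artifact(name: str, version: str, data: bytes,
                    lockfile: dict = LOCKFILE) -> bool:
    """Return True if (name, version, data) matches the lockfile; raise otherwise."""
    pin = lockfile.get(name)
    if pin is None:
        raise PinViolation(f"{name}: not present in lockfile")
    if pin.version != version:
        raise PinViolation(f"{name}: version {version} != pinned {pin.version}")
    actual = sha256_hex(data)
    # Constant-time comparison; the digests are public but this is the idiom.
    if not hmac.compare_digest(actual, pin.sha256):
        raise PinViolation(
            f"{name}=={version}: content hash {actual[:12]}... "
            f"does not match pinned {pin.sha256[:12]}..."
        )
    return True


def check_build_inputs(fetched: list, lockfile: dict = LOCKFILE) -> dict:
    """Check every fetched (name, version, bytes) triple; map name -> outcome.

    Nothing is installed unless every artifact verifies, mirroring a
    hash-checking install mode that fails the whole build on one mismatch.
    """
    results = {}
    for name, version, data in fetched:
        try:
            verify_artifact(name, version, data, lockfile)
            results[name] = "ok"
        except PinViolation as exc:
            results[name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    # The original artifact passes; the same-version re-upload is rejected.
    for row in check_build_inputs([
        ("leftpad", "1.0.0", ORIGINAL_ARTIFACT),
    ]).items():
        print(row)
    for row in check_build_inputs([
        ("leftpad", "1.0.0", REPUBLISHED_ARTIFACT),
    ]).items():
        print(row)
```

The `check_build_inputs` helper reports per-artifact outcomes so a CI step can fail the build and name the offending dependency; the check is on bytes, so a registry serving different content under an already-pinned version is caught regardless of what the version metadata claims.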

Literally every package manager already does this.