Hacker News
by KaiLetov 62 days ago
The fact that OpenAI's pipeline had no minimumReleaseAge configured is surprising though. That's basically saying "run whatever npm published 5 minutes ago in a context that has access to my signing keys." For a company that size, with that attack surface, feels like this should've been caught in a security review.
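The kind of check a minimum-release-age gate performs, as an added example that is not part of the comment above and not any tool's own code: every pinned dependency version must have been published at least N minutes ago, and a version with no known publish time is rejected rather than waved through. The package names, timestamps and the function name `checkReleaseAge` are constructed for illustration; the version-to-timestamp map is shaped like the `time` field of npm registry package metadata.

```javascript
const MINUTE_MS = 60 * 1000;

// Constructed sample data: package -> version -> ISO 8601 publish timestamp,
// shaped like the "time" field of npm registry package metadata.
const SAMPLE_PUBLISH_TIMES = {
  "example-lib": {
    "1.2.0": "2025-01-01T00:00:00.000Z",
    "1.2.1": "2025-03-10T11:55:00.000Z", // published 5 minutes before the build
  },
  "example-signer": { "4.0.0": "2025-02-20T08:30:00.000Z" },
};

// Constructed resolved set, as a lockfile would pin it for a release build.
const SAMPLE_RESOLVED = [
  { name: "example-lib", version: "1.2.1" },
  { name: "example-signer", version: "4.0.0" },
  { name: "example-missing", version: "0.1.0" }, // no publish time available
];

// Returns the pinned versions that must not be installed in a build that
// can reach signing keys. `now` is passed in so the check is reproducible.
function checkReleaseAge(resolved, publishTimes, minAgeMinutes, now) {
  const violations = [];
  for (const { name, version } of resolved) {
    const iso = publishTimes[name]?.[version];
    const published = typeof iso === "string" ? Date.parse(iso) : NaN;
    if (Number.isNaN(published)) {
      // Fail closed: an unknown publish time is treated as untrusted.
      violations.push({ name, version, reason: "unknown-publish-time" });
      continue;
    }
    // A timestamp in the future gives a negative age and is also rejected.
    const ageMinutes = Math.floor((now - published) / MINUTE_MS);
    if (ageMinutes < minAgeMinutes) {
      violations.push({ name, version, reason: "too-new", ageMinutes });
    }
  }
  return violations;
}

// Build starts at 12:00 UTC with a 24-hour minimum age.
const buildTime = Date.parse("2025-03-10T12:00:00.000Z");
const found = checkReleaseAge(SAMPLE_RESOLVED, SAMPLE_PUBLISH_TIMES, 24 * 60, buildTime);
for (const v of found) {
  console.log(`BLOCK ${v.name}@${v.version}: ${v.reason}`);
}
```

With the minimum age set to 0, only the version with no publish time is still blocked, which is the situation the comment describes: a release that is five minutes old passes.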