Hacker News
by
olejorgenb
13 days ago
Except most of the attacks so far have not actually landed source code changes to git, IIRC. They have targeted the release files directly.
1 comments
lights0123
13 days ago
Software vulnerabilities are often not placed maliciously, and are present in the original source. If you don't patch them if discovered later, you'll be vulnerable to them.
olejorgenb
13 days ago
Yes. Isn't that what "giant PITA" is referring to here?
> your own repo reviewing and merging from upstream as needed. Would be a giant PITA though