Comment by joshka 2 months ago
Yeah, this seems like a very smart but inherently flawed idea.

cypherpunks01 2 months ago
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.

Xss3 2 months ago
May as well just release an executable tbh.