← Back to context Comment by joshka 11 hours ago Yeah, this seems like a very smart but inherently flawed idea. 2 comments joshka Reply cypherpunks01 10 hours ago Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks. Xss3 10 hours ago May as well just release an executable tbh.
cypherpunks01 10 hours ago Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
May as well just release an executable tbh.