← Back to context Comment by joshka 17 hours ago Yeah, this seems like a very smart but inherently flawed idea. 2 comments joshka Reply cypherpunks01 17 hours ago Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks. Xss3 17 hours ago May as well just release an executable tbh.
cypherpunks01 17 hours ago Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
Yes I agree! OSS package management ecosystems are a great idea, but allowing submissions without any review or vetting is just asking for supply chain attacks.
May as well just release an executable tbh.