Comment by Joker_vD
5 days ago
Yeah, there is a rather strong "downloading and executing arbitrary code from the Internet may lead to execution of arbitrary code" kind of vibe there.
Starting on the other side of the airtight hatchway: https://devblogs.microsoft.com/oldnewthing/20221004-00/?p=10...
Seems the normal mitigations apply, i.e. validate with hash or save a local copy. Validate new versions before adopting.
And yet you just described the behavior of many mid-size company "DevOps" departments.