Comment by efortis
2 months ago
Show them this Ken Thompson paper of 1984: "Reflections on Trusting Trust"
https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref...
And then hardware compromises…
I don't mean install anything. I mean, it's not a problem particular to the JS ecosystem.
I full source bootstrapped a Linux distro from hex0 all the way to nodejs binaries just to deal with trusting trust risks.
"just give up" is not a valid strategy.
https://codeberg.org/stagex/stagex
where can I follow you? blog, x?
https://lance.dev has my mastodon etc. My friends and I also run the #! community, https://hashbang.sh #!:matrix.org