Comment by tom1337
2 months ago
How does a pull-through cache prevent this issue? Wouldn’t it also just pull the infected version from the upstream registry?
2 months ago
How does a pull-through cache prevent this issue? Wouldn’t it also just pull the infected version from the upstream registry?
I think it's implied that packages can be blocked and/or evicted from said cache administratively. This deliberately breaks builds, and forces engineers to upgrade/downgrade away from bad packages as needed.